Trivy can scan Git repositories, root file systems and container images for vulnerabilities and leaked secrets.

Scan a project directory for leaked secrets, misconfigurations, and lock files that reference vulnerable libraries:

trivy fs --scanners vuln,secret,misconfig /path/to/myproject

Build an SBOM in CycloneDX format for the local machine (the resulting file can be uploaded):

trivy rootfs --format cyclonedx / > molsson.cdx.json
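
A sanity check to run on the generated SBOM before uploading it, as an added example that is not part of the original page or of trivy itself. The sample document is constructed in the shape of a CycloneDX JSON file, and the function names are hypothetical.

```python
import json
from collections import Counter

# Constructed sample in the shape of a CycloneDX JSON SBOM (not real trivy output).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "operating-system", "name": "debian", "version": "12.5"},
        {"type": "library", "name": "openssl", "version": "3.0.11",
         "purl": "pkg:deb/debian/openssl@3.0.11"},
        {"type": "application", "name": "app/package-lock.json",
         "components": [
             {"type": "library", "name": "lodash", "version": "4.17.21",
              "purl": "pkg:npm/lodash@4.17.21"},
             {"type": "library", "name": "left-pad"},
         ]},
    ],
})


def walk(components):
    """Yield every component; CycloneDX allows components to nest."""
    for comp in components or []:
        yield comp
        yield from walk(comp.get("components"))


def summarize_sbom(text):
    """Return component counts per type and libraries lacking version or purl."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    counts = Counter()
    incomplete = []
    for comp in walk(bom.get("components")):
        ctype = comp.get("type", "unknown")
        counts[ctype] += 1
        # A library without version or purl cannot be matched to advisories.
        if ctype == "library" and not (comp.get("version") and comp.get("purl")):
            incomplete.append(comp.get("name", "<unnamed>"))
    return {"spec": bom.get("specVersion"), "counts": dict(counts),
            "incomplete": incomplete}


if __name__ == "__main__":
    # To check a real file, pass open("molsson.cdx.json").read() instead.
    print(summarize_sbom(SAMPLE_SBOM))
```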