23 Integrations with Trivy
View a list of Trivy integrations and software that integrates with Trivy below. Compare the best Trivy integrations as well as features, ratings, user reviews, and pricing of software that integrates with Trivy. Here are the current Trivy integrations in 2026:
-
1
Chainguard
Chainguard
Chainguard Containers are a guarded catalog of 1,700+ minimal, zero-CVE container images with a best-in-class CVE remediation SLA (7 days for critical severity, 14 days for high, medium and low) that helps customers build and deploy software better. Modern software development practices and deployment pipelines require secure, up-to-date containerized applications for cloud-native applications. Chainguard builds minimal images continuously from source in our hardened build infrastructure, with only the components required to build and run your applications. Aimed at engineering organizations and security teams alike, Chainguard Containers reduce costly engineering toil around vulnerability management, enhance the security posture of applications by eliminating attack surface, and unlock revenue by simplifying compliance with key frameworks and customer requirements. -
2
Docker
Docker
Docker takes away repetitive, mundane configuration tasks and is used throughout the development lifecycle for fast, easy and portable application development, desktop and cloud. Docker’s comprehensive end-to-end platform includes UIs, CLIs, APIs and security that are engineered to work together across the entire application delivery lifecycle. Get a head start on your coding by leveraging Docker images to efficiently develop your own unique applications on Windows and Mac. Create your multi-container application using Docker Compose. Integrate with your favorite tools throughout your development pipeline, Docker works with all development tools you use including VS Code, CircleCI and GitHub. Package applications as portable container images to run in any environment consistently from on-premises Kubernetes to AWS ECS, Azure ACI, Google GKE and more. Leverage Docker Trusted Content, including Docker Official Images and images from Docker Verified Publishers.Starting Price: $7 per month -
3
Kubernetes
Kubernetes
Kubernetes (K8s) is an open-source system for automating deployment, scaling, and management of containerized applications. It groups containers that make up an application into logical units for easy management and discovery. Kubernetes builds upon 15 years of experience of running production workloads at Google, combined with best-of-breed ideas and practices from the community. Designed on the same principles that allows Google to run billions of containers a week, Kubernetes can scale without increasing your ops team. Whether testing locally or running a global enterprise, Kubernetes flexibility grows with you to deliver your applications consistently and easily no matter how complex your need is. Kubernetes is open source giving you the freedom to take advantage of on-premises, hybrid, or public cloud infrastructure, letting you effortlessly move workloads to where it matters to you.Starting Price: Free -
4
Visual Studio Code
Microsoft
Visual Studio Code (VS Code) is Microsoft’s open-source AI code editor designed to make coding faster, smarter, and more collaborative. It supports thousands of extensions and nearly every programming language, offering developers a lightweight yet powerful environment for writing, testing, and debugging code. With AI-powered features like GitHub Copilot, Next Edit Suggestions, and Agent Mode, VS Code helps you code with precision, automate complex tasks, and streamline development workflows. It integrates seamlessly with cloud services, remote repositories, and tools like Git, Docker, and Azure. The editor is fully customizable, allowing you to personalize your layout, color themes, and keyboard shortcuts. Whether coding locally or in the browser, VS Code delivers a complete development experience for individuals and teams alike.Starting Price: Free -
5
IntelliJ IDEA
JetBrains
IntelliJ IDEA is a professional-grade integrated development environment (IDE) primarily designed for Java and Kotlin development. It helps developers write code faster by automating routine tasks and providing smart coding assistance. The IDE supports the full software development lifecycle, from design and coding to testing and deployment. IntelliJ IDEA stays up to date with the latest language features, such as full support for Java 24 and Kotlin K2 mode. It offers a smooth and enjoyable workflow that helps developers stay focused and productive. The platform also emphasizes data privacy and security, complying with industry standards like SOC 2.Starting Price: $19.90 per user per month -
6
GitHub
GitHub
GitHub is the world’s most secure, most scalable, and most loved developer platform. Join millions of developers and businesses building the software that powers the world. Build with the world’s most innovative communities, backed by our best tools, support, and services. If you manage multiple contributors , there’s a free option: GitHub Team for Open Source. We also run GitHub Sponsors, where we help fund your work. The Pack is back. We’ve partnered up to give students and teachers free access to the best developer tools—for the school year and beyond. Work for a government-recognized nonprofit, association, or 501(c)(3)? Get a discounted Organization account on us.Starting Price: $7 per month -
7
Amazon Web Services (AWS)
Amazon
Amazon Web Services (AWS) is the world’s most comprehensive cloud platform, trusted by millions of customers across industries. From startups to global enterprises and government agencies, AWS provides on-demand solutions for compute, storage, networking, AI, analytics, and more. The platform empowers organizations to innovate faster, reduce costs, and scale globally with unmatched flexibility and reliability. With services like Amazon EC2 for compute, Amazon S3 for storage, SageMaker for AI/ML, and CloudFront for content delivery, AWS covers nearly every business and technical need. Its global infrastructure spans 120 availability zones across 38 regions, ensuring resilience, compliance, and security. Backed by the largest community of customers, partners, and developers, AWS continues to lead the cloud industry in innovation and operational expertise. -
8
Git
Git
Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce, and ClearCase with features like cheap local branching, convenient staging areas, and multiple workflows. You can query/set/replace/unset options with this command. The name is actually the section and the key separated by a dot, and the value will be escaped.Starting Price: Free -
9
SonarQube Server
SonarSource
SonarQube Server is a self-managed solution for continuous code quality inspection that helps development teams identify and fix bugs, vulnerabilities, and code smells in real-time. It provides automated static code analysis for a variety of programming languages, ensuring the highest quality and security standards are maintained throughout the development lifecycle. SonarQube Server integrates seamlessly with existing CI/CD pipelines, offering flexibility for on-premise or cloud-based deployment. With advanced reporting features, it helps teams manage technical debt, track improvements, and enforce coding standards. SonarQube Server is ideal for organizations seeking full control over their code quality and security without compromising on performance. -
10
Vim
Vim
Vim is a highly configurable text editor built for creating and changing any kind of text efficiently. It is included as "vi" with most UNIX systems and with Apple OS X. Vim is rock stable and is continuously being developed to become even better. Vim is persistent, multi-level, with an extensive plugin system, support for hundreds of programming languages and file formats, powerful search and replace feature, and it integrates with many tools. Vim online is a central place for the Vim community to store useful Vim tips and tools. Vim has a scripting language that allows for plugin like extensions to enable IDE behavior, syntax highlighting, colorization as well as other advanced features. These scripts can be uploaded and maintained using Vim online. Vim stands for Vi IMproved. It used to be Vi IMitation, but there are so many improvements that a name change was appropriate. Vim is a text editor which includes almost all the commands from the Unix program "Vi".Starting Price: Free -
11
Azure DevOps Server
Microsoft
Share code, track work, and ship software using integrated software delivery tools, hosted on premisis. Use all the Azure DevOps services or just the ones you need to complement your existing workflows. Previously known as Team Foundation Server (TFS), Azure DevOps Server is a set of collaborative software development tools, hosted on-premises. Azure DevOps Server integrates with your existing IDE or editor, enabling your cross-functional team to work effectively on projects of all sizes. Azure DevOps Server is source code management software, and includes features such as access Controls/Permissions, bug tracking, build automation, change management, code review, collaboration, continuous integration, and version control.Starting Price: $6 per user per month -
12
CircleCI
CircleCI
Automate your development process with CI hosted in the cloud or on a private server. Take control of your code and manage every source of change. CircleCI means change validation, at every step. Trust that you can release updates right when your customers need them, with the certainty they’ll work every time. The power to create without limits. Code in every language and across multiple execution environments. If you can write it, we can build, test, and deploy it. With flexible environments and thousands of pre-built integrations, your pipelines never limit the possibility of what you can deliver. We’re the only CI/CD platform that’s FedRAMP certified and SOC 2 Type II compliant. Built-in features like audit logs, OpenID Connect, third-party secrets management, and LDAP give you complete control of your code.Starting Price: $50 per month -
13
Semaphore
Continuous Integration Solutions Ltd
Semaphore is an open-source CI platform that provides powerful out-of-the-box support for monorepo projects. Using Visual Pipeline Builder, every engineer can contribute to CI/CD. Semaphore is the fastest CI/CD service on the market. Goodbye undocumented, manual build setups. Hello reliable continuous delivery! If you prefer a managed service, Semaphore Cloud delivers your projects light years ahead, with flexible pricing and no additional per-user fees. No more tool bloat. With fine-tuned environments for every technology stack, Semaphore helps you build, test and deploy apps across teams without overhead. We don’t drop you at the mouth of the jungle and drive away. We’re committed to your CI/CD success, every step of the way. And have a track record to prove it.Starting Price: $0 -
14
Harbor
Harbor
CNCF Harbor is an open-source project that enhances container registry capabilities with a focus on security and compliance. It builds upon basic registry functionality by offering features such as vulnerability scanning to identify known security weaknesses in images, role-based access control for granular image access management, image signing to ensure authenticity and prevent tampering, and replication for efficient syncing of images across multiple other registries. Harbor strengthens the security of the image management process. It can be particularly beneficial for organizations that prioritize security and compliance in their containerized environments. However, users should be aware that setting up and maintaining Harbor can require additional effort and expertise compared to simpler container registries. -
15
DefectDojo
10Security
Take DefectDojo for a spin and review the demo of DefectDojo and login with sample credentials. DefectDojo is available on Github and has a setup script for easy installation. A docker container with a pre-built version of DefectDojo is available. Know exactly when new vulnerabilities are introduced in a build or remediated. Tracking when a product is assessed is easily accomplished using DefectDojo's API to track security tests that are run on each build. DefectDojo has the ability to track the build-id, commit hash, branch or tag, orchestration server, source code repo, and build server for every on-demand security test. Various reports are available for tests, engagements, and products. Products can be grouped into critical products to track products that are critical to your organization. Similar findings can be easily merged into one finding to provide developers one finding instead of multiple findings. -
16
Buildkite
Buildkite
Run the open-source buildkite-agent on your own infrastructure for maximum speed, control, and security. The agent checks out your source code, executes custom hooks and overrides, and then runs your build jobs. Your source code never leaves your infrastructure. You can install the agent using one of our packages and binaries for almost every platform and architecture, including Ubuntu, Debian, Mac, Windows, Docker, and more. The agent’s artifact and meta-data storage allows for share-nothing, state-free build jobs that can be easily distributed and scaled across any number of agents. Run as many build agents as you need (up to 10,000 connected per account), without breaking a sweat. The open-source Elastic CI Stack for AWS gives you an easy-to-maintain, elastically scaling CI stack in your own AWS account. Or if you prefer to roll your own, you can use the tools you’re already familiar with in your production environments (such as Packer and Terraform).Starting Price: $15 per user per month -
17
Concourse
Concourse
Concourse is an open-source continuous thing-doer. Built on the simple mechanics of resources, tasks, and jobs, Concourse presents a general approach to automation that makes it great for CI/CD. A Concourse pipeline is like a distributed, continuous Makefile. Each job has a build plan declaring the job's input resources and what to run with them when they change. Your pipeline is then visualized in the web UI, taking only one click to get from a failed job to seeing why it failed. The visualization provides a "gut check" feedback loop: if it looks wrong, it probably is wrong. Jobs can depend on other jobs by configuring passed constraints. The resulting chain of jobs and resources is a dependency graph that continuously pushes your project forward, from source code to production. All configuration and administration is done using the fly CLI. The fly set-pipeline command pushes the config up to Concourse. Once it looks good, you can then check the file in to source control.Starting Price: Free -
18
Use the expressive power of familiar programming languages to define your application resources and accelerate development. Simplify your AWS onboarding by using constructs that preconfigure cloud resources with proven defaults. Design and share reusable components that meet your organization's security, compliance, and governance requirements. Build applications, write runtime code, and define resources without leaving your integrated development environment (IDE). Define your cloud application resources using familiar programming languages. AWS Cloud Development Kit (AWS CDK) accelerates cloud development using common programming languages to model your applications. Develop applications more efficiently using AWS CDK as the main framework to define cloud infrastructure as code. Migrate complex backend infrastructure more efficiently, while integrating with continuous integration and delivery (CI/CD) pipelines.
-
19
Zora
Zora
Today we are introducing Zora to the world. Zora is a marketplace to buy, sell and trade limited-edition goods. All of these goods are launched as tokens. The price changes based on supply and demand. The more people who buy something, the higher the price goes and vice versa. Dynamic pricing means that people who buy a popular item early are able to sell it back at a profit before even getting the item. By being ahead of the cultural curve, they've now converted their ability to curate into real world value. People can buy and sell fractions of an item to speculate on the value of an item. Creators can allow their community to buy and sell the good before it's ready to ship. Creators are able to earn all of the value they've created by selling at a dynamic price. People can participate and buy into the ideas and products of creators they love early in the process of creation. -
20
Kyverno
Kyverno
Kyverno is a policy engine designed for Kubernetes. With Kyverno, policies are managed as Kubernetes resources and no new language is required to write policies. This allows using familiar tools such as kubectl, Git, and Kustomize to manage policies. Kyverno policies can validate, mutate, and generate Kubernetes resources plus ensure OCI image supply chain security. The Kyverno CLI can be used to test policies and validate resources as part of a CI/CD pipeline. Kyverno allows cluster administrators to manage environment specific configurations independently of workload configurations and enforce configuration best practices for their clusters. Kyverno can be used to scan existing workloads for best practices, or can be used to enforce best practices by blocking or mutating API requests. Block non-conformant resources using admission controls, or report policy violations. -
21
ZEST Security
ZEST Security
ZEST Security offers an AI-powered risk resolution platform that redefines cloud risk remediation for security teams. Unlike traditional security solutions that merely identify vulnerabilities, ZEST proactively resolves them by connecting the right team to the right fix, thereby reducing the time from discovery to remediation. The platform provides full remediation coverage by comparing the planned DevOps state with the actual cloud runtime state, enabling seamless identification and remediation of risks across both managed and unmanaged cloud infrastructure. Automated root cause analysis pinpoints the origin of issues down to the associated asset and originating lines of code, allowing teams to address multiple problems with minimal changes. AI-generated risk resolution paths drastically reduce mean time to remediation and eliminate manual triage by implementing dynamic remediation strategies. -
22
Archipelo
Archipelo
Archipelo is a developer security posture management platform that helps organizations safeguard their software development lifecycle (SDLC) by providing real-time insights into developer activities, AI code tool usage, and tool governance. It features Developer Detection Response (DevDR) for proactively identifying and mitigating security risks, Automated Tool Governance to prevent shadow IT, and an AI Code Usage & Risk Monitor to ensure secure coding practices. With seamless integration into CI/CD workflows, Archipelo captures developer actions and provides actionable insights to enhance security, mitigate risks, and ensure compliance throughout the software development process. -
23
Woodpecker
Woodpecker
Start meaningful B2B relationships. Reach out and follow up across channels with an intuitive cold email tool. Always feel confident about your deliverability. Unique algorithm based on human behavior delivers 100% messages to the main inbox. Send only to verified email addresses – automatically checked in real time. Send personalized messages people will appreciate. Follow up using the best channel. Measure campaign’s success automatically. Our AI-powered system analyzes the replies and shows how many of them were positive. Get a clear picture of how effective your strategy is.Starting Price: $59 per month
- Previous
- You're on page 1
- Next
