Container-Based Deployment Options

Running Trivy as a container provides consistency across different environments and simplifies integration with containerized CI/CD pipelines. The official Trivy Docker image includes all necessary components and can be used immediately:

# Run Trivy using Docker (the vulnerability DB is downloaded into the
# container on first run; without a persisted cache this repeats every time)
docker run --rm aquasec/trivy:latest image alpine:3.18

# Mount Docker socket for scanning local images
# Note: the socket gives the container full control of the host's Docker
# daemon, so run this only on hosts you trust the scanner with.
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
    aquasec/trivy:latest image myapp:latest

# Use a specific Trivy version (pinning keeps scan results reproducible
# instead of changing whenever :latest moves)
docker run --rm aquasec/trivy:0.45.0 image nginx:latest

For Kubernetes environments, Trivy can be deployed as a pod (for example as a Job, shown below) or integrated into admission controllers. Running the scanner inside the cluster is what makes cluster-wide vulnerability scanning possible:

# Kubernetes Job for scanning images
apiVersion: batch/v1
kind: Job
metadata:
  name: trivy-scan
spec:
  template:
    spec:
      containers:
      - name: trivy
        # Pin this tag in production for reproducible scans
        image: aquasec/trivy:latest
        command:
          - trivy
          - image
          - --format
          - json
          - --output
          - /tmp/results.json
          - nginx:latest
        volumeMounts:
        # Trivy's DB cache lives under /root/.cache/trivy
        - name: cache
          mountPath: /root/.cache/
        - name: results
          mountPath: /tmp
      volumes:
      - name: cache
        emptyDir: {}
      # An emptyDir is deleted with the pod: copy results out before the
      # Job is cleaned up, or back this volume with a PersistentVolumeClaim
      - name: results
        emptyDir: {}
      restartPolicy: Never
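The Job above (and the Docker invocations before it, with `--format json`) produce a Trivy JSON report; what a pipeline usually needs next is to turn that file into a severity summary and a pass/block decision. The following is an added example, not part of the original page or of Trivy itself; the report it embeds is constructed to match Trivy's schema-version-2 layout and its CVE identifiers are placeholders.

```python
import json

# Constructed sample of a Trivy JSON report (SchemaVersion 2), not real scan
# output; the vulnerability ids are placeholders, not real CVEs.
SAMPLE_REPORT = json.loads("""
{
  "SchemaVersion": 2,
  "ArtifactName": "nginx:latest",
  "ArtifactType": "container_image",
  "Results": [
    {"Target": "nginx:latest (debian 12.2)", "Class": "os-pkgs", "Type": "debian",
     "Vulnerabilities": [
       {"VulnerabilityID": "CVE-EXAMPLE-0001", "PkgName": "libexample1",
        "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "CRITICAL"},
       {"VulnerabilityID": "CVE-EXAMPLE-0002", "PkgName": "libexample2",
        "InstalledVersion": "2.3", "FixedVersion": "", "Severity": "HIGH"},
       {"VulnerabilityID": "CVE-EXAMPLE-0003", "PkgName": "libexample3",
        "InstalledVersion": "0.9", "FixedVersion": "1.0", "Severity": "LOW"}
     ]},
    {"Target": "Python", "Class": "lang-pkgs", "Type": "python-pkg"}
  ]
}
""")

def findings(report):
    """Flatten all Results; a clean target has no 'Vulnerabilities' key."""
    for result in report.get("Results", []):
        yield from (result.get("Vulnerabilities") or [])

def summarize(report):
    """Count findings per severity, e.g. {'CRITICAL': 1, 'HIGH': 1, 'LOW': 1}."""
    counts = {}
    for vuln in findings(report):
        sev = vuln.get("Severity", "UNKNOWN")
        counts[sev] = counts.get(sev, 0) + 1
    return counts

def fixable(report, severities=("CRITICAL", "HIGH")):
    """Findings at the given severities that already have a FixedVersion,
    i.e. the ones a rebuild against updated packages removes."""
    return [(v["VulnerabilityID"], v["PkgName"], v["FixedVersion"])
            for v in findings(report)
            if v.get("Severity") in severities and v.get("FixedVersion")]

def gate(report, fail_on=("CRITICAL",)):
    """True when the image should be blocked: any finding at a fail_on severity
    (the same decision `trivy image --exit-code 1 --severity CRITICAL` makes)."""
    counts = summarize(report)
    return any(counts.get(s, 0) > 0 for s in fail_on)

if __name__ == "__main__":
    import sys  # pass the path of a real results.json to use it instead
    report = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_REPORT
    print(summarize(report), fixable(report), "BLOCK" if gate(report) else "PASS")
```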