Performance Optimization and Scaling
Performance Optimization and Scaling
Optimizing Trivy's performance ensures fast scan times even for large images. Several configuration options help balance thoroughness with speed:
# Parallel downloading for faster database updates
trivy image --db-repository ghcr.io/aquasecurity/trivy-db:2 alpine:latest
# Limit scanning to specific vulnerabilities
trivy image --vuln-type os alpine:latest
# Skip scanning for dev dependencies
trivy image --skip-dev-deps node:latest
# Use lightweight database for faster scans
trivy image --light alpine:latest
For high-volume scanning scenarios, implementing Trivy in client-server mode improves efficiency:
# Start Trivy server
trivy server --listen 0.0.0.0:8080
# Run client scans against server
trivy client --remote http://trivy-server:8080 alpine:latest
# Server with authentication
trivy server --listen 0.0.0.0:8080 --token mytoken
# Authenticated client
trivy client --remote http://trivy-server:8080 --token mytoken alpine:latest