aquasecurity/trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more


What it does

Trivy is a security scanning tool that automatically checks software, containers, and cloud infrastructure for known vulnerabilities, exposed secrets, and configuration mistakes before they become problems. Think of it as a comprehensive safety inspector that reviews everything your engineering team ships — from the apps themselves to the environments they run in — and flags risks in one place.

Why it matters for PMs

As regulators and enterprise buyers increasingly demand proof of software security practices, having automated scanning built into the development process is becoming a baseline expectation rather than a nice-to-have. With over 31,000 GitHub stars and nearly 3,000 forks, Trivy's wide adoption signals it has become a de facto standard in this space, meaning teams that don't use something like it face growing compliance, liability, and sales cycle risks.

Early Signal Score: 16

Early stage — limited signal data

Stars: 32.0k
Forks: 3.0k
Contributors: 444
Language: Go
Category: Security

Score updated Feb 18, 2026
