trivyscan is a Python package that simplifies security scanning of Docker images using Trivy. It bundles the Trivy binary, so you don’t need to install Trivy separately.
Trivy is a comprehensive open-source vulnerability scanner for containers and other artifacts, capable of detecting CVEs and misconfigurations across code repositories, container images, file systems, and more.
trivyscan provides a Python wrapper to interact with Trivy programmatically, enabling integration with your own tools or CI/CD pipelines.
Install via pip:
```
pip install trivyscan
```

Basic usage example:

```python
from trivyscan import TrivyScan
scanner = TrivyScan()
scanner.scan_image('your-image-name:tag')
```

This will run a security scan on the specified Docker image.
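For the CI/CD integration mentioned above, a pipeline step usually has to turn a scan report into a pass/fail decision. The following is an added example, not code from trivyscan: this page does not document what `scan_image` returns, so the example assumes you have a report string in Trivy's JSON format (as produced by `trivy image --format json`), and `blocking_findings`, `gate` and the sample report are hypothetical names and constructed data.

```python
import json

# Severity labels used in Trivy reports, lowest to highest.
SEVERITY_ORDER = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

def blocking_findings(report_json, min_severity="HIGH", fixable_only=False):
    """Return (target, id, package, severity, fixed_version) tuples at or
    above min_severity, most severe first."""
    threshold = SEVERITY_ORDER.index(min_severity)
    findings = []
    # "Results" and "Vulnerabilities" may be absent or null when nothing is found.
    for result in json.loads(report_json).get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            sev = vuln.get("Severity")
            rank = SEVERITY_ORDER.index(sev) if sev in SEVERITY_ORDER else 0
            if rank < threshold:
                continue
            # Optionally ignore findings with no patched version to upgrade to.
            if fixable_only and not vuln.get("FixedVersion"):
                continue
            findings.append((rank, result.get("Target"), vuln.get("VulnerabilityID"),
                             vuln.get("PkgName"), SEVERITY_ORDER[rank],
                             vuln.get("FixedVersion") or ""))
    findings.sort(key=lambda f: -f[0])
    return [f[1:] for f in findings]

def gate(report_json, **options):
    """Exit status for a CI step: 1 if any blocking finding remains, else 0."""
    return 1 if blocking_findings(report_json, **options) else 0

# Constructed sample report; the CVE-0000-* IDs and package names are placeholders.
SAMPLE_REPORT = json.dumps({"Results": [
    {"Target": "your-image-name:tag (debian)", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
         "InstalledVersion": "1.0", "FixedVersion": "1.1", "Severity": "CRITICAL"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "exampletool",
         "InstalledVersion": "2.3", "Severity": "HIGH"},
        {"VulnerabilityID": "CVE-0000-0003", "PkgName": "examplelib2",
         "InstalledVersion": "0.9", "FixedVersion": "0.9.1", "Severity": "LOW"}]},
    {"Target": "app/requirements.txt", "Vulnerabilities": None},
]})

if __name__ == "__main__":
    for finding in blocking_findings(SAMPLE_REPORT):
        print(*finding)
    raise SystemExit(gate(SAMPLE_REPORT))
```

Setting `fixable_only=True` keeps the gate from failing builds on findings that have no patched version yet, which is a policy choice to make explicitly rather than by default.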
- trivyscan/: Core module containing the logic to run Trivy
- test/: Unit tests for the package
- setup.py: Package installation configuration
- requirements.txt: List of dependencies
Run the tests using:
```
python -m unittest discover test
```

Contributions are welcome! Feel free to open issues or submit pull requests.
This project is licensed under the MIT License.
For more information, visit the official repository: https://github.com/alaxalves/trivyscan