container-scan-trivy

Run Trivy to scan container images for OS and library vulnerabilities, misconfigurations, and secrets. Comprehensive multi-target security scanner.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "container-scan-trivy" with this command: npx skills add vchirrav/product-security-ai-skills/vchirrav-product-security-ai-skills-container-scan-trivy

Container Scanning with Trivy

You are a security engineer running container security scanning using Trivy to detect vulnerabilities, misconfigurations, and secrets in container images.

When to use

Use this skill when asked to scan a Docker/OCI container image for vulnerabilities, scan a filesystem or source tree for security issues, or check IaC/config files for misconfigurations.

Prerequisites

  • Trivy installed (brew install trivy on macOS; on Debian/Ubuntu, apt install trivy after adding the Aqua Security apt repository, since Trivy is not in the default distribution repositories)
  • Verify: trivy --version

Instructions

  1. Identify the target — Determine the container image or scan target.

  2. Run the scan (JSON output is the easiest form to parse in step 3):

    Container image:

    trivy image --format json --output trivy-results.json <image>:<tag>

    Filesystem:

    trivy fs --format json --output trivy-results.json <path>

    IaC / Config:

    trivy config --format json --output trivy-results.json <path>

    Useful options:

    • Severity filter: trivy image --severity HIGH,CRITICAL --format json <image>
    • Ignore unfixed: trivy image --ignore-unfixed --format json <image> (drops findings that have no FixedVersion yet; they are still real exposure, so report them even when they do not block a build)
    • Choose scanners: trivy image --scanners vuln,secret --format json <image> (vuln and secret are already the defaults for trivy image; add misconfig to that list to also run misconfiguration checks)
    • For CI gating, add --exit-code 1 so Trivy returns non-zero when findings remain after the filters above
  3. Parse the results. Read the JSON output (each entry in Results[] carries a Class of os-pkgs or lang-pkgs and a Vulnerabilities[] list; secret findings appear under Results[].Secrets[]) and present findings in this table. Leave Fixed blank when Trivy reports no FixedVersion:

| # | Severity | CVE | Package | Installed | Fixed | Type (OS/library) | Title |
|---|----------|-----|---------|-----------|-------|--------------------|-------|

  4. Summarize. Provide:
    • Total vulnerabilities by severity
    • Base image vulnerabilities (os-pkgs results) vs application dependencies (lang-pkgs results)
    • Upgrade commands or base image update recommendations
    • Whether rebuilding the image would resolve the issues: a rebuild on a current base image clears OS findings that already have a fixed version in the distribution, while unfixed OS findings need a distro patch and application dependency findings need a dependency bump in the lockfile
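As an added worked example for steps 2 through 4 (this is not code from the upstream skill or from Trivy): a Python script that reads a trivy-results.json report, renders the findings table above, and produces the summary. It assumes Trivy's JSON report layout, where Results[].Class is os-pkgs, lang-pkgs or secret, Results[].Vulnerabilities[] carries VulnerabilityID, PkgName, InstalledVersion, FixedVersion, Severity and Title, and Results[].Secrets[] carries secret findings. The embedded report is constructed for the example; its CVE IDs, package names and versions are placeholders, not real advisories. The gate() function applies the same policy as the --severity and --ignore-unfixed flags, so a report generated without those filters can still be gated, while the full findings list stays available for the summary.

```python
"""Parse a Trivy JSON report into the findings table and summary.

Added example, not from the upstream skill or from Trivy. Assumes the
Trivy JSON report layout: Results[].Class ("os-pkgs" / "lang-pkgs" /
"secret"), Results[].Vulnerabilities[] and Results[].Secrets[].
"""
import json
import sys
from collections import Counter

SEVERITIES = ("CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN")

# Constructed stand-in for trivy-results.json. The CVE IDs, package names
# and versions are placeholders, not real advisories.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "registry.example/app:1.0",
    "ArtifactType": "container_image",
    "Results": [
        {"Target": "registry.example/app:1.0 (debian 12.5)", "Class": "os-pkgs", "Type": "debian",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libfoo1", "InstalledVersion": "1.0.0-1",
              "FixedVersion": "1.0.0-2", "Severity": "CRITICAL", "Title": "placeholder: heap overflow in libfoo"},
             {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libbar0", "InstalledVersion": "2.3.0-1",
              "Severity": "LOW", "Title": "placeholder: issue with no fixed version"}]},
        {"Target": "usr/src/app/requirements.txt", "Class": "lang-pkgs", "Type": "pip",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0003", "PkgName": "examplelib", "InstalledVersion": "3.1.0",
              "FixedVersion": "3.1.2", "Severity": "HIGH", "Title": "placeholder: SSRF in examplelib"}]},
        {"Target": "usr/src/app/.env", "Class": "secret",
         "Secrets": [
             {"RuleID": "aws-access-key-id", "Category": "AWS", "Severity": "CRITICAL",
              "Title": "AWS Access Key ID", "StartLine": 3, "EndLine": 3,
              "Match": "AWS_ACCESS_KEY_ID=AKIA****************"}]},
    ],
})


def severity_rank(severity):
    """Lower is worse; severities Trivy does not use sort last."""
    return SEVERITIES.index(severity) if severity in SEVERITIES else len(SEVERITIES)


def load_findings(report_json):
    """Flatten Results[].Vulnerabilities[] into table rows, worst severity first."""
    rows = []
    for result in json.loads(report_json).get("Results", []):
        kind = "OS" if result.get("Class") == "os-pkgs" else "library"
        for vuln in result.get("Vulnerabilities") or []:
            rows.append({
                "severity": vuln.get("Severity", "UNKNOWN"),
                "cve": vuln["VulnerabilityID"],
                "package": vuln["PkgName"],
                "installed": vuln.get("InstalledVersion", ""),
                # Trivy omits FixedVersion when no fix is available yet.
                "fixed": vuln.get("FixedVersion", ""),
                "type": kind,
                "title": vuln.get("Title", ""),
            })
    rows.sort(key=lambda r: (severity_rank(r["severity"]), r["cve"]))
    return rows


def secret_findings(report_json):
    """Return (target, rule, severity, line) for every Results[].Secrets[] entry."""
    return [(res["Target"], s["RuleID"], s["Severity"], s.get("StartLine"))
            for res in json.loads(report_json).get("Results", [])
            for s in res.get("Secrets") or []]


def gate(rows, threshold=("CRITICAL", "HIGH"), ignore_unfixed=True):
    """Findings that would block a build; mirrors --severity and --ignore-unfixed."""
    return [r for r in rows
            if r["severity"] in threshold and (r["fixed"] or not ignore_unfixed)]


def render_table(rows):
    """Markdown table in the layout the skill asks for; '-' marks no fix available."""
    lines = ["| # | Severity | CVE | Package | Installed | Fixed | Type (OS/library) | Title |",
             "|---|----------|-----|---------|-----------|-------|--------------------|-------|"]
    for i, r in enumerate(rows, 1):
        lines.append(f"| {i} | {r['severity']} | {r['cve']} | {r['package']} | {r['installed']} | "
                     f"{r['fixed'] or '-'} | {r['type']} | {r['title']} |")
    return "\n".join(lines)


def summarize(rows):
    """Counts by severity and origin, plus what a rebuild or dependency bump would fix."""
    fixable = [r for r in rows if r["fixed"]]
    unfixed = [r for r in rows if not r["fixed"]]
    return {
        "by_severity": {s: sum(1 for r in rows if r["severity"] == s) for s in SEVERITIES},
        "by_type": dict(Counter(r["type"] for r in rows)),
        "fixable": len(fixable),
        "unfixed": len(unfixed),
        # Rebuilding on a current base image only clears OS findings that already
        # have a FixedVersion in the distro; unfixed ones survive the rebuild.
        "rebuild_resolves_os_findings": any(r["type"] == "OS" for r in fixable)
                                        and not any(r["type"] == "OS" for r in unfixed),
        # Application dependencies need an explicit version bump in the lockfile.
        "library_upgrades": sorted({(r["package"], r["fixed"]) for r in fixable if r["type"] == "library"}),
    }


if __name__ == "__main__":
    # Usage: python trivy_report.py trivy-results.json (falls back to the constructed sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            report = fh.read()
    else:
        report = SAMPLE_REPORT
    findings = load_findings(report)
    print(render_table(findings))
    print(json.dumps(summarize(findings), indent=2))
    for target, rule, sev, line in secret_findings(report):
        print(f"SECRET {sev} {rule} in {target}:{line}")
    sys.exit(1 if gate(findings) else 0)
```

Run it against a real report with `python trivy_report.py trivy-results.json`; the exit status follows the gate, which is the same contract as `trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed`, except that the unfixed findings are still counted in the summary instead of disappearing from the report.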

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Related Skills

Related by shared tags or category signals.

  • network-scan-nmap (Security): no summary provided by upstream source. Trust labels: Repository Source, Needs Review.
  • malware-scan-yara (Security): no summary provided by upstream source. Trust labels: Repository Source, Needs Review.
  • mobile-security-mobsf (Security): no summary provided by upstream source. Trust labels: Repository Source, Needs Review.
  • dast-nuclei (Security): no summary provided by upstream source. Trust labels: Repository Source, Needs Review.