Editorial take
Why it stands out
Trivy should be framed as a broad OSS security scanner, not only as a container image tool.
Tool profile
All-in-one open-source security scanner for vulnerabilities, misconfigurations, secrets, licenses, Kubernetes, and SBOM workflows.
Vulnerability scanning
Trivy belongs in the database because it has become one of the most practical OSS security tools in modern developer and platform workflows. The official site positions it as an all-in-one security scanner that can find vulnerabilities and misconfigurations across repositories, container images, binaries, and Kubernetes clusters. The documentation expands that further into secrets, licenses, SBOM, compliance, and policy-style scanning. That breadth is exactly why Trivy is such a strong catalog entry. It is not just a container scanner anymore. It is a lightweight security toolkit that can show up almost anywhere in the build and deployment lifecycle.
Its economics are also easy to explain honestly. The upstream project is open source and free. The official Trivy pages that were checked do not publish standalone list pricing for a commercial edition of Trivy itself. That means teams should think of Trivy first as an OSS scanner they can adopt directly, while any paid packaging or enterprise support sits in the surrounding Aqua or partner ecosystem rather than on a simple Trivy plan page.
Pricing snapshot
Trivy is open source and free to adopt directly. The official Trivy pages that were checked do not publish a standalone self-serve enterprise pricing table, so paid spend typically comes from surrounding commercial platforms or support rather than from the upstream scanner itself.