SaFi Bank Space : Trivy vs Snyk

Introductions

Trivy

Trivy has different scanners that look for different security issues, and different targets where it can find those issues.

Targets:

  • Container Image

  • Filesystem

  • Git repository (remote)

  • Kubernetes cluster or resource

Scanners:

  • OS packages and software dependencies in use (SBOM)

  • Known vulnerabilities (CVEs)

  • IaC misconfigurations

  • Sensitive information and secrets

Snyk

Snyk is a developer-first cloud-native security tool. It covers multiple areas of application security:

  1. Snyk Open Source: Find and automatically fix open source vulnerabilities

  2. Snyk Code: Find and fix vulnerabilities in your application code in real time

  3. Snyk Container: Find and fix vulnerabilities in container images and Kubernetes applications

  4. Snyk Infrastructure as Code: Find and fix insecure configurations in Terraform and Kubernetes code

Installation

On macOS using Homebrew

Trivy:

  brew tap aquasecurity/trivy
  brew install trivy

Snyk:

  brew tap snyk/tap
  brew install snyk

Process of usage

Let's say we want to scan the official Python container image python:3.4-alpine.

Trivy:

  trivy image python:3.4-alpine

Snyk (authenticate once with your API token, then scan):

  snyk auth <SNYK_API_TOKEN>
  snyk container test python:3.4-alpine

Output Examples

[Trivy scan output image]

[Snyk scan output image]

In addition, Snyk also provides UI-based analysis for better navigation and visibility when running the monitor command.
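The screenshots above are hard to compare by eye, so here is an added example (not from the original page) that normalises the JSON reports of `trivy image --format json` and `snyk container test --json` into a common CVE-to-package map and reports what each tool found on the same image. The field names follow each tool's JSON output as assumed here, and the sample reports are constructed with placeholder CVE ids.

```python
# Added example: compare Trivy and Snyk findings for one image. Field names are
# assumed from `trivy image --format json` (Results[].Vulnerabilities[]) and
# `snyk container test --json` (vulnerabilities[].identifiers.CVE); the sample
# reports below are constructed, with placeholder CVE and Snyk issue ids.
import json
from collections import Counter

TRIVY_REPORT = {"Results": [{"Target": "python:3.4-alpine (alpine 3.9.4)", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-0000-0001", "PkgName": "musl", "InstalledVersion": "1.1.20-r4", "Severity": "HIGH"},
    {"VulnerabilityID": "CVE-0000-0002", "PkgName": "openssl", "InstalledVersion": "1.1.1b-r1", "Severity": "MEDIUM"},
    {"VulnerabilityID": "CVE-0000-0003", "PkgName": "sqlite-libs", "InstalledVersion": "3.28.0-r0", "Severity": "CRITICAL"},
]}]}

SNYK_REPORT = {"vulnerabilities": [
    {"id": "SNYK-ALPINE39-MUSL-PLACEHOLDER", "severity": "high", "packageName": "musl",
     "version": "1.1.20-r4", "identifiers": {"CVE": ["CVE-0000-0001"]}},
    {"id": "SNYK-ALPINE39-OPENSSL-PLACEHOLDER", "severity": "medium", "packageName": "openssl",
     "version": "1.1.1b-r1", "identifiers": {"CVE": ["CVE-0000-0002"]}},
]}


def trivy_cves(report: dict) -> dict:
    """CVE id -> (package, SEVERITY) from a Trivy report; 'Vulnerabilities' may be null."""
    found = {}
    for result in report.get("Results", []):
        for v in result.get("Vulnerabilities") or []:
            found[v["VulnerabilityID"]] = (v["PkgName"], v["Severity"].upper())
    return found


def snyk_cves(report: dict) -> dict:
    """CVE id -> (package, SEVERITY) from a Snyk report; one issue may list several CVEs."""
    found = {}
    for v in report.get("vulnerabilities", []):
        for cve in v.get("identifiers", {}).get("CVE", []):
            found[cve] = (v["packageName"], v["severity"].upper())
    return found


def compare(trivy: dict, snyk: dict) -> dict:
    """Overlap, tool-unique CVEs and per-severity counts for the same image."""
    return {
        "both": sorted(trivy.keys() & snyk.keys()),
        "only_trivy": sorted(trivy.keys() - snyk.keys()),
        "only_snyk": sorted(snyk.keys() - trivy.keys()),
        "trivy_by_severity": dict(Counter(sev for _, sev in trivy.values())),
        "snyk_by_severity": dict(Counter(sev for _, sev in snyk.values())),
    }


if __name__ == "__main__":
    # With real reports, load the two JSON files written by the commands above instead.
    print(json.dumps(compare(trivy_cves(TRIVY_REPORT), snyk_cves(SNYK_REPORT)), indent=2))
```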

Summary

Snyk has a lot more third-party integrations than Trivy, and it also offers continuous cloud scanning without having to run the scanning process manually each time.

Trivy, on the other hand, was able to detect more vulnerabilities and was very straightforward to use, with no authentication required and no usage limits, as it is fully open source.