How to Set Up AquaSec Trivy Scanner | How to install AquaSec Trivy Scanner on Linux OS

What is Trivy?

• open-source security scanner tool developed by Aqua Security. 
• Used for vulnerability scanning in such as 
• container images 
• file systems/folders 
• Git repositories
• Kubernetes clusters
• misconfiguration in files such as Terraform, K8S manifest files
• Trivy helps identify security issues and misconfigurations early in the software development lifecycle.

How to Install Trivy scanner on Linux OS?

Trivy scanner can be installed so many ways. Check here for more information. But we will using APT package manager to install on Ubuntu.

sudo apt-get install wget gnupg -y

wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null 

echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" | sudo tee -a /etc/apt/sources.list.d/trivy.list 

sudo apt-get update 

sudo apt-get install trivy -y

Check Trivy got installed

trivy --version

This confirm that Trivy got installed successfully.

Perform some scan locally

trivy image nginx

Complete Roadmap for 2025 to become a DevSecOps Engineer | Top DevSecOps Skills for 2025 | Skills required to become a DevSecOps engineer |

 Complete Roadmap to become a successful DevOps Engineer

We all know how DevOps is trending right now. And we know where it is going. Let's get to know what skills will make you a successful a DevOps engineer.

Top DevOps skills

1. Linux knowledge and scripting - basic troubleshooting, intermediate scripting, looking at the logs

2. Experience in Git, GitHub, Bitbucket or any version control systems such as SVN, TFVC

3. Experience in Continuous Integrations tools such as Jenkins, TeamCity, Circle CI 

4. Experience in Code quality tool/security scanning tools - Sonarqube, Aquasec Trivy

5. Experience in Infrastructure automation tools such as Terraform, AWS cloud formation

6. Experience in Configuration Management tools such as Ansible, Puppet or Chef

7. Experience in scripting languages such as YAML, groovy, Ruby, Python and Shell

8. Experience in containers such as Docker, Kubernetes and Helm

9. Experience in Monitoring tools such as Prometheus, Grafana

10. Ability to troubleshoot in case builds, deployments failure.

11. Any cloud knowledge and experience - AWS, Azure and Google cloud

Soft skills employers are looking:

These days employers are not only looking for strong technical skills but also looking "soft skills" which are essentials to become successful in IT. If you think if you are lagging on any of these skills, no worries. All these skills can be developed and improved over period of time by practicing.

1. Open minded

2. Willingness to learn new skills

3. Communication

4. Approachable

5. "Get it done" attitude

6. Being adaptable.