trivy
Find vulnerabilities, misconfigurations, and secrets in containers and code
80%
pass rate
4/7
principles met
Spec Coverage
How many of the spec's requirements were verified for this tool. See /coverage for the full matrix.
| Level | Total | Verified | Unverified |
|---|---|---|---|
| MUST | 23 | 9 | 14 |
| SHOULD | 16 | 0 | 16 |
| MAY | 7 | 0 | 7 |
Top Issues
- WARN Flags advertise env-var bindings in --help Non-Interactive by Default 11 flag(s) found in --help but no `[env: NAME]` bindings advertised
- WARN Pager-using CLI ships --no-pager escape hatch Composable, Predictable Command Structure pager referenced in --help but no --no-pager escape hatch advertised
All Checks
P1: Non-Interactive by Default
| PASS | Non-interactive by default | |
| SKIP | Non-interactive gate flag advertised in --help | target satisfies P1 via alternative gate (help-on-bare or stdin-primary) |
| WARN | Flags advertise env-var bindings in --help | 11 flag(s) found in --help but no `[env: NAME]` bindings advertised |
P2: Structured, Parseable Output
| PASS | Structured output support |
P3: Progressive Help Discovery
| PASS | Help flag produces useful output | |
| PASS | Version flag works |
P4: Fail-Fast, Actionable Errors
| PASS | Rejects invalid arguments |
P6: Composable, Predictable Command Structure
| PASS | Handles SIGPIPE gracefully | |
| WARN | Pager-using CLI ships --no-pager escape hatch | pager referenced in --help but no --no-pager escape hatch advertised |
| PASS | Respects NO_COLOR |
P7: Bounded, High-Signal Responses
| PASS | Quiet mode available |
Embed the badge
This score (80%) clears the badge floor (80%). Copy this into your README:
[](https://anc.dev/score/trivy)Preview: 
Reproduce this scorecard for trivy locally and inspect the failing checks:
anc check --command trivy --output jsonInstall anc first if you don't have it.
Add --output json to get the same JSON shape committed under
scorecards/.