# trivy

Find vulnerabilities, misconfigurations, and secrets in containers and code

**Score:** 80% pass rate
**Principles:** 4/7 met

## Embed the badge

This score (80%) clears the [badge floor](https://anc.dev/badge) (80%). Copy this into your README:

```markdown
[![agent-native](https://anc.dev/badge/trivy.svg)](https://anc.dev/score/trivy)
```

| Status | Check | Principle | Evidence |
|--------|-------|-----------|----------|
| PASS | Help flag produces useful output | [P3](https://anc.dev/p3) |  |
| PASS | Version flag works | [P3](https://anc.dev/p3) |  |
| PASS | Structured output support | [P2](https://anc.dev/p2) |  |
| PASS | Rejects invalid arguments | [P4](https://anc.dev/p4) |  |
| PASS | Quiet mode available | [P7](https://anc.dev/p7) |  |
| PASS | Handles SIGPIPE gracefully | [P6](https://anc.dev/p6) |  |
| PASS | Non-interactive by default | [P1](https://anc.dev/p1) |  |
| SKIP | Non-interactive gate flag advertised in --help | [P1](https://anc.dev/p1) | target satisfies P1 via alternative gate (help-on-bare or stdin-primary) |
| WARN | Flags advertise env-var bindings in --help | [P1](https://anc.dev/p1) | 11 flag(s) found in --help but no `[env: NAME]` bindings advertised |
| WARN | Pager-using CLI ships --no-pager escape hatch | [P6](https://anc.dev/p6) | pager referenced in --help but no --no-pager escape hatch advertised |
| PASS | Respects NO_COLOR | [P6](https://anc.dev/p6) |  |

**Repo:** [aquasecurity/trivy](https://github.com/aquasecurity/trivy)
**Language:** Go
**Version scored:** 0.70.0
**Audit date:** 2026-05-01 10:09:15 UTC
**Duration:** 317ms
**Platform:** `linux/x86_64`
**Mode:** command
**Anc build:** 0.3.0
**Install:** `brew install trivy`

## Reproduce locally

```bash
anc check --command trivy --output json
```