Trivy command lines
Source: Dev.to
Command Execution
On the first run, the command downloads the vulnerability database before scanning, which takes around one minute.
When the same command is re‑issued, the cached vulnerability database is reused, so the scan completes much faster.
Result Columns
Each result includes the following columns (from left to right):
| Column | Description |
|---|---|
| Library | The name of the library or package that contains the vulnerability |
| Vulnerability | The identifier of the vulnerability in the CVE (Common Vulnerabilities and Exposures) database |
| Severity | The severity of the vulnerability as determined by the CVSS (Common Vulnerability Scoring System) score, categorized into UNKNOWN, LOW, MEDIUM, HIGH, and CRITICAL |
| Installed Version | The version of the library or package that is installed in the image |
| Fixed Version | The version of the library or package that fixes the vulnerability |
| Title | The title of the vulnerability with a link to more details |
Severity Considerations
You will need to determine what level of severity is acceptable for your organization.
When filtering for high or critical severity only, the list of vulnerabilities becomes much shorter.
Image Differences
- Alpine image – Based on a smaller base image with fewer libraries and packages, resulting in a reduced attack surface and shorter scan results.
- Perl image – Contains more libraries and packages, leading to a larger set of reported vulnerabilities.
Saving Scan Results
Scan results can be saved to a JSON file for future analysis.
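The following is an added example, not code from the original article or from the Trivy project. It shows what "future analysis" of a saved JSON report can look like, and it also covers the severity filtering discussed above: it flattens the report into the Library / Vulnerability / Severity / Installed Version / Fixed Version / Title columns, keeps only findings at or above a chosen severity, lists the findings that already have a fixed version, and returns a simple pass/fail policy decision. The field names (`Results`, `Vulnerabilities`, `PkgName`, `VulnerabilityID`, `InstalledVersion`, `FixedVersion`, `Severity`, `Title`) are my assumption about Trivy's JSON schema; the embedded report, its image name, package names and CVE identifiers are constructed placeholders rather than real findings.

```python
"""Post-process a Trivy JSON report offline: flatten findings into the
table columns described above, filter by severity, and list fixable items.
Added example, not from the original article or from the Trivy project."""
import json
from collections import Counter

# Constructed sample report in Trivy's JSON layout. The key names
# (SchemaVersion, Results, Vulnerabilities, PkgName, VulnerabilityID, ...)
# are my assumption about Trivy's schema; the CVE ids, package names,
# versions and image name are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "example/perl:placeholder",
    "ArtifactType": "container_image",
    "Results": [
        {
            "Target": "example/perl:placeholder (debian 12.0)",
            "Class": "os-pkgs",
            "Type": "debian",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-00001", "PkgName": "libexample1",
                 "InstalledVersion": "1.0.0-1", "FixedVersion": "1.0.0-2",
                 "Severity": "CRITICAL", "Title": "placeholder: remote code execution"},
                {"VulnerabilityID": "CVE-0000-00002", "PkgName": "libexample2",
                 "InstalledVersion": "2.3.4", "FixedVersion": "",
                 "Severity": "HIGH", "Title": "placeholder: no fix available yet"},
                {"VulnerabilityID": "CVE-0000-00003", "PkgName": "libexample3",
                 "InstalledVersion": "0.9", "FixedVersion": "0.10",
                 "Severity": "MEDIUM", "Title": "placeholder: information leak"},
                {"VulnerabilityID": "CVE-0000-00004", "PkgName": "libexample1",
                 "InstalledVersion": "1.0.0-1", "FixedVersion": "1.0.0-2",
                 "Severity": "LOW", "Title": "placeholder: denial of service"},
            ],
        },
        # A result with no findings: the "Vulnerabilities" key is absent here.
        {"Target": "/app/cpanfile.snapshot", "Class": "lang-pkgs", "Type": "cpan"},
    ],
})

# Severity levels from lowest to highest, matching the table above.
SEVERITY_ORDER = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"]


def severity_rank(severity):
    """Rank a severity string; anything unrecognised is treated as UNKNOWN."""
    return SEVERITY_ORDER.index(severity) if severity in SEVERITY_ORDER else 0


def load_findings(report_json):
    """Flatten Results[].Vulnerabilities[] into rows keyed by the table's columns."""
    report = json.loads(report_json)
    rows = []
    for result in report.get("Results", []):
        # Tolerate both a missing key and an explicit null for Vulnerabilities.
        for vuln in result.get("Vulnerabilities") or []:
            rows.append({
                "Target": result.get("Target", ""),
                "Library": vuln.get("PkgName", ""),
                "Vulnerability": vuln.get("VulnerabilityID", ""),
                "Severity": vuln.get("Severity", "UNKNOWN"),
                "Installed Version": vuln.get("InstalledVersion", ""),
                "Fixed Version": vuln.get("FixedVersion", ""),
                "Title": vuln.get("Title", ""),
            })
    return rows


def filter_by_severity(rows, minimum="HIGH"):
    """Keep rows at or above the minimum severity (HIGH keeps HIGH and CRITICAL)."""
    threshold = severity_rank(minimum)
    return [r for r in rows if severity_rank(r["Severity"]) >= threshold]


def severity_counts(rows):
    """Count findings per severity, omitting levels with zero findings."""
    counts = Counter(r["Severity"] for r in rows)
    return {s: counts[s] for s in reversed(SEVERITY_ORDER) if counts[s]}


def fixable(rows):
    """Findings with a Fixed Version: upgrading that package closes them."""
    return [r for r in rows if r["Fixed Version"]]


def should_block(rows, minimum="HIGH"):
    """Policy gate: True if any finding at or above the minimum severity exists."""
    return bool(filter_by_severity(rows, minimum))


def format_table(rows):
    """Render rows in the Library/Vulnerability/Severity/... column order."""
    columns = ["Library", "Vulnerability", "Severity",
               "Installed Version", "Fixed Version", "Title"]
    lines = [" | ".join(columns)]
    lines += [" | ".join(r[c] for c in columns) for r in rows]
    return "\n".join(lines)


if __name__ == "__main__":
    findings = load_findings(SAMPLE_REPORT)
    print(severity_counts(findings))
    print(format_table(filter_by_severity(findings, "HIGH")))
    print("fixable:", [r["Vulnerability"] for r in fixable(findings)])
    print("block:", should_block(findings, "HIGH"))
```

Pointing `load_findings` at the contents of a saved report file instead of `SAMPLE_REPORT` gives the same summary for a real scan; the `should_block` threshold is where the organization's choice of acceptable severity from the section above is encoded, and `fixable` separates findings an upgrade can close from those that need a different mitigation or an exception.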