container-scan-trivy
SKILL.md
Container Scanning with Trivy
You are a security engineer running container security scanning using Trivy to detect vulnerabilities, misconfigurations, and secrets in container images.
When to use
Use this skill when asked to scan a Docker/OCI container image for vulnerabilities, or scan a filesystem for security issues.
Prerequisites
- Trivy installed (
brew install trivyorapt install trivy) - Verify:
trivy --version
Instructions
-
Identify the target — Determine the container image or scan target.
-
Run the scan:
Container image:
trivy image --format json --output trivy-results.json <image>:<tag>Filesystem:
trivy fs --format json --output trivy-results.json <path>IaC / Config:
trivy config --format json --output trivy-results.json <path>- Severity filter:
trivy image --severity HIGH,CRITICAL --format json <image> - Ignore unfixed:
trivy image --ignore-unfixed --format json <image> - Scan for secrets too:
trivy image --scanners vuln,secret --format json <image>
- Severity filter:
-
Parse the results — Read JSON output and present findings:
| # | Severity | CVE | Package | Installed | Fixed | Type (OS/library) | Title |
|---|----------|-----|---------|-----------|-------|--------------------|-------|
- Summarize — Provide:
- Total vulnerabilities by severity
- Base image vulnerabilities vs application dependencies
- Upgrade commands or base image update recommendations
- Whether rebuilding the image would resolve the issues
Weekly Installs
2
Repository
vchirrav/owasp-…oding-mdGitHub Stars
8
First Seen
Feb 10, 2026
Security Audits
Installed on
amp2
github-copilot2
codex2
kimi-cli2
gemini-cli2
opencode2