Skip to content
| Marketplace
Sign in
Azure DevOps>Azure Pipelines>trivy
trivy

trivy

Aqua Security

|
5,334 installs
| (8) | Free
Trivy is the world's most popular open source vulnerability and misconfiguration scanner. It is reliable, fast, extremely easy to use, and it works wherever you need it.
Get it free

Aqua Trivy

An Azure DevOps Pipelines Task for Trivy, with an integrated UI.

Screenshot showing the Trivy extension in the Azure DevOps UI

Installation

  1. Install the Trivy task in your Azure DevOps organisation (hit the Get it free button above).

  2. Add the task to your azure-pipelines.yml in a project where you'd like to run Trivy:

Agents Compatibility

Agent OS Run binary Scan FileSystem Docker
Linux ✅ ✅ ✅
MacOS ✅ ✅ 🔴
Windows ✅ ✅ 🔴

Self-Hosted Agents

Access to Docker Engine is required to run Trivy in docker container or scan docker images.

While you can attempt to scan Docker images on Windows, running the task using a Docker image will mostly fail.

Configuration

If new to the Trivy pipeline task, you should use the newer v2 version.

Trivy@1 Configuration

Trivy@2 Configuration

  • Contact us
  • Jobs
  • Privacy
  • Manage cookies
  • Terms of use
  • Trademarks
© 2025 Microsoft