Skip to content
| Marketplace
Sign in
Azure DevOps>Azure Pipelines>trivy
trivy

trivy

Aqua Security

|
5,484 installs
| (8) | Free
Trivy is the world's most popular open source vulnerability and misconfiguration scanner. It is reliable, fast, extremely easy to use, and it works wherever you need it.
Get it free

Aqua Trivy Azure DevOps Extension

An Azure DevOps Pipelines Task for Trivy, providing vulnerability scanning with an integrated UI.

Screenshot showing the Trivy extension in the Azure DevOps UI

Overview

This extension allows you to scan various targets for:

  • Vulnerabilities in applications and dependencies
  • Misconfigurations in Infrastructure as Code (IaC) files
  • Secrets accidentally committed to repositories
  • License compliance issues

Quick Start

  1. Install the Trivy task from the Azure DevOps Marketplace and press the Get it free button.

Marketplace

  1. Add the task to your azure-pipelines.yml:
steps:
  - task: trivy@2
    inputs:
      type: 'filesystem'
      target: '.'
      scanners: 'vuln,misconfig,secret'

[!Important] Docker integration is only fully supported on Linux agents. Windows agents have limited Docker support.

Documentation

Check out the documentation for more details:

  • Installation Guide
  • Trivy@1 Configuration (Legacy version)
  • Trivy@2 Configuration (Recommended for new users)
  • Aqua Platform Integration
  • Contact us
  • Jobs
  • Privacy
  • Manage cookies
  • Terms of use
  • Trademarks
© 2025 Microsoft