Skip to content

aquasecurity/trivy-aws

Repository files navigation

trivy-aws

Installing Trivy AWS Plugin

$ trivy plugin install github.com/aquasecurity/trivy-aws

Usage

Scan an AWS account for misconfigurations. Trivy uses the same authentication methods as the AWS CLI. See https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html

The following services are supported:

  • accessanalyzer
  • api-gateway
  • athena
  • cloudfront
  • cloudtrail
  • cloudwatch
  • codebuild
  • documentdb
  • dynamodb
  • ec2
  • ecr
  • ecs
  • efs
  • eks
  • elasticache
  • elasticsearch
  • elb
  • emr
  • iam
  • kinesis
  • kms
  • lambda
  • mq
  • msk
  • neptune
  • rds
  • redshift
  • s3
  • sns
  • sqs
  • ssm
  • workspaces
Usage:
  trivy aws [flags]

Examples:
  # basic scanning
  $ trivy aws --region us-east-1

  # limit scan to a single service:
  $ trivy aws --region us-east-1 --service s3

  # limit scan to multiple services:
  $ trivy aws --region us-east-1 --service s3 --service ec2

  # force refresh of cache for fresh results
  $ trivy aws --region us-east-1 --update-cache

Please see ARCHITECTURE.md for more information.

trivy-aws is an Aqua Security open source project. Learn about our open source work and portfolio here. Join the community, and talk to us about any matter in GitHub Discussion.