Trivy Container Scanning in 15 Minutes
Trivy is the fastest way to scan container images for known vulnerabilities. This 15-minute walkthrough covers install, scan, and CI integration.
Step 1: Install
macOS (Homebrew): brew install trivy
Linux (install script): curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh
Step 2: Scan an image
trivy image nginx:latest
Outputs the CVEs found, grouped by severity. Takes 30-60 s on the first run, since the vulnerability database is downloaded; subsequent scans are faster.
Step 3: Read the report
Work through Critical and High first; leave Medium and Low for later.
For each finding, note the package, the installed version, and whether a fixed version is available.
Step 4: CI integration
Add a step in your CI YAML: trivy image $IMAGE_TAG --severity CRITICAL,HIGH --exit-code 1
The build fails when any CRITICAL or HIGH finding is present (--exit-code 1); --severity also limits the report to those two levels.
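The same gate, applied to Trivy's JSON output, is easier to extend than the one-liner: it can rank findings the way Step 3 describes and separate "fix available" from "no fix yet" for remediation tracking. The script below is an added example, not Trivy's own code; it assumes a report produced with trivy image --format json --output report.json $IMAGE_TAG, and the embedded report is a constructed sample in Trivy's v2 JSON schema whose CVE ids, package names and versions are placeholders, not real findings.

```python
"""Triage a Trivy JSON report (added example, not part of Trivy).

Reproduces the decision made by
  trivy image $IMAGE_TAG --severity CRITICAL,HIGH --exit-code 1
over a JSON report, and additionally produces a remediation list.
"""
import json

# Constructed sample in Trivy's JSON schema (SchemaVersion 2). The CVE ids,
# package names and versions are placeholders, not real vulnerabilities.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "example.local/app:1.2.3",
    "Results": [
        {
            "Target": "example.local/app:1.2.3 (debian 12.5)",
            "Class": "os-pkgs",
            "Type": "debian",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample1",
                 "InstalledVersion": "1.0.0-1", "FixedVersion": "1.0.0-2",
                 "Severity": "CRITICAL"},
                {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother2",
                 "InstalledVersion": "2.3.1", "FixedVersion": "",
                 "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libmisc3",
                 "InstalledVersion": "0.9", "FixedVersion": "0.9.1",
                 "Severity": "MEDIUM"},
            ],
        },
        {
            "Target": "app/requirements.txt",
            "Class": "lang-pkgs",
            "Type": "pip",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0004", "PkgName": "examplepkg",
                 "InstalledVersion": "3.1.0", "FixedVersion": "3.1.2",
                 "Severity": "LOW"},
            ],
        },
    ],
})

SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN"]


def _rank(severity):
    """Position in SEVERITY_ORDER; anything unexpected sorts last."""
    return SEVERITY_ORDER.index(severity) if severity in SEVERITY_ORDER else len(SEVERITY_ORDER)


def findings(report_json):
    """Flatten a Trivy report into one dict per vulnerability, most severe first."""
    report = json.loads(report_json)
    out = []
    for result in report.get("Results", []):
        # Trivy emits "Vulnerabilities": null for targets with no findings.
        for vuln in result.get("Vulnerabilities") or []:
            out.append({
                "target": result.get("Target", ""),
                "id": vuln["VulnerabilityID"],
                "pkg": vuln["PkgName"],
                "installed": vuln.get("InstalledVersion", ""),
                "fixed": vuln.get("FixedVersion", ""),
                "severity": vuln.get("Severity", "UNKNOWN"),
            })
    return sorted(out, key=lambda f: _rank(f["severity"]))


def gate(report_json, fail_on=("CRITICAL", "HIGH")):
    """Exit code for the CI step: 1 if any finding is at a gated severity, else 0."""
    return 1 if any(f["severity"] in fail_on for f in findings(report_json)) else 0


def remediation_plan(report_json):
    """Split findings into 'upgrade now' (fix available) and 'track' (no fix yet)."""
    all_findings = findings(report_json)
    fixable = [f for f in all_findings if f["fixed"]]
    unfixed = [f for f in all_findings if not f["fixed"]]
    return fixable, unfixed


if __name__ == "__main__":
    for f in findings(SAMPLE_REPORT):
        print(f"{f['severity']:<8} {f['id']} {f['pkg']} {f['installed']} "
              f"-> {f['fixed'] or 'no fix yet'}")
    fixable, unfixed = remediation_plan(SAMPLE_REPORT)
    print(f"gate exit code: {gate(SAMPLE_REPORT)}; "
          f"{len(fixable)} fixable, {len(unfixed)} without a fix")
```

The gate fails only on CRITICAL and HIGH, so the MEDIUM and LOW findings are still listed for tracking without blocking the build. The "no fix yet" bucket is the part that needs an owner: it cannot be closed by a version bump, so it is the set that rots if nobody records it.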
Antipatterns
- Scanning the latest tag forever. Pin a version or digest and rescan when it changes.
- Failing CI on every Medium. Engineers learn to skip the check.
- Scanning without remediation tracking. Findings rot.
What to do this week
Three moves. (1) Run the tutorial end-to-end on your own laptop or a sandbox. (2) Apply the pattern to one production workload. (3) Document the variations you needed and share them with the team.