Filesystem Scan

High and critical vulnerabilities 

docker run --rm -v .:/var/ aquasec/trivy:latest \
  fs --exit-code 1 --severity HIGH,CRITICAL /var

All vulnerabilities 

docker run --rm -v .:/var/ aquasec/trivy:latest \
  fs --exit-code 0 --severity UNKNOWN,LOW,MEDIUM /var

Docker Image Scan

High and critical vulnerabilities 

docker build -t temp-image -f Dockerfile . && \
docker save temp-image -o image.tar && \
docker rmi temp-image && \
docker run --rm -v .:/var/ aquasec/trivy:latest \
  image --exit-code 1 --severity HIGH,CRITICAL --input /var/image.tar

All vulnerabilities 

docker build -t temp-image -f Dockerfile . && \
docker save temp-image -o image.tar && \
docker rmi temp-image && \
docker run --rm -v .:/var/ aquasec/trivy:latest \
  image --exit-code 0 --severity UNKNOWN,LOW,MEDIUM --input /var/image.tar

Note: --exit-code 1 fails the command if vulnerabilities found (useful for CI/CD).

Made by @gatisr

Page last modified: 10:00 12.02.2026.

This site uses Just the Docs, a documentation theme for Jekyll.