trivy
Installation
SKILL.md
Trivy Vulnerability Scanner
Core Commands
Node.js / Filesystem Scanning
# Scan current directory for vulnerabilities (package.json/package-lock.json)
trivy fs --scanners vuln .
# Include dev dependencies (devDependencies in package.json)
trivy fs --scanners vuln --include-dev-deps .
# Scan specific package-lock.json file
trivy fs --scanners vuln package-lock.json
# JSON output for CI/CD pipelines
trivy fs --scanners vuln --format json -o results.json .