Sold by: cloudimg
Deployed on AWS
Free Trial
AWS Free Tier
This product has charges associated with it for seller support. Trivy, Aqua Security's open source scanner for vulnerabilities, misconfigurations, secrets and SBOMs, preinstalled as a ready-to-use scanning workstation. The trivy binary and a pre-downloaded vulnerability database on a dedicated disk are set up, so you scan images, filesystems, repos and IaC offline within minutes. 24/7 cloudimg support.
Overview
Image
trivy version
Image
trivy filesystem scan
Image
trivy IaC misconfiguration scan
This is a repackaged open source software product wherein additional charges apply for cloudimg support services.
Overview Trivy is the open source, Apache-2.0 licensed all-in-one security scanner from Aqua Security. It finds known vulnerabilities (CVEs) in operating system packages and language dependencies, detects infrastructure-as-code and Kubernetes misconfigurations, surfaces hard-coded secrets, and generates and scans software bills of materials (SBOMs). This image delivers Trivy fully installed and configured as a ready-to-use scanning workstation, so an engineer can SSH in and start scanning immediately, with no setup.
Security Scanning Workstation The trivy binary installed on the system path and verified against the official release checksum. The Trivy cache and vulnerability database placed on a dedicated, independently resizable data disk and exported to every login shell, so the database persists on durable storage rather than the OS disk. A login banner and an information file describing the layout and how to get started.
Vulnerability Database Pre-Loaded The full vulnerability database and the Java index database are pre-downloaded into the cache during the build, so the appliance ships ready to scan offline out of the box. Point Trivy at a container image, a filesystem, a Git repository, an SBOM or an IaC directory and get a report in seconds. Refresh the database at any time with a single command, or let Trivy auto-update it on its normal schedule.
All-In-One Scanning Scan container images and root filesystems for OS-package and language-dependency CVEs. Scan local directories, Git repositories and SBOM files. Scan Terraform, CloudFormation, Kubernetes manifests, Helm charts and Dockerfiles for misconfigurations. Detect leaked secrets and API keys. Generate CycloneDX and SPDX SBOMs. One binary, one cache, every scan type.
Ready To Use Connect over SSH and run trivy straight away. The cache, the pre-loaded database and the environment are already in place, so the first scan returns results immediately with no download wait. Wire the workstation into CI to fail builds on critical findings, or use it as a managed scanning bastion for your fleet.
cloudimg Support 24/7 technical support by email and chat. Help with scan configuration, severity gating and exit codes, ignore policies, SBOM generation, IaC and Kubernetes misconfiguration scanning, database refresh and air-gapped operation, and CI integration.
Use Cases A managed scanning bastion for auditing container images and hosts. A CI runner image that fails pull requests on critical CVEs or misconfigurations. An air-gapped scanning workstation that ships with the vulnerability database pre-loaded. A reproducible security tooling environment with a pinned, checksum-verified scanner.
All product and company names are trademarks or registered trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.
Highlights
- Trivy, Aqua Security's open source Apache-2.0 all-in-one scanner for vulnerabilities, misconfigurations, secrets and SBOMs, preinstalled as a ready-to-use scanning workstation with the trivy binary on the system path, verified against the official release checksum, no setup required
- The vulnerability database and Java index database are pre-downloaded into a cache on a dedicated, independently resizable data disk, so the appliance scans offline out of the box and the database persists on durable storage; refresh it with a single command
- Scan container images, filesystems, Git repositories, SBOMs and infrastructure-as-code (Terraform, CloudFormation, Kubernetes, Dockerfiles) from one binary, with 24/7 technical support from cloudimg
Details
Sold by
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
Ubuntu 24.04
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free for 7 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
If you are an AWS Free Tier customer with a free plan, you are eligible to subscribe to this offer. You can use free credits to cover the cost of eligible AWS infrastructure. See AWS Free Tier for more details. If you created an AWS account before July 15th, 2025, and qualify for the Legacy AWS Free Tier, Amazon EC2 charges for Micro instances are free for up to 750 hours per month. See Legacy AWS Free Tier for more details.
Dimension | Description | Cost/hour |
|---|---|---|
t3.medium Recommended | t3.medium | $0.04 |
t3.micro | t3.micro instance type | $0.04 |
t2.micro | t2.micro instance type | $0.04 |
r8in.16xlarge | r8in.16xlarge instance type | $0.24 |
r8id.metal-48xl | r8id.metal-48xl instance type | $0.24 |
m8i.large | m8i.large instance type | $0.08 |
r8i.96xlarge | r8i.96xlarge instance type | $0.24 |
m7i-flex.12xlarge | m7i-flex.12xlarge instance type | $0.24 |
m8idn.24xlarge | m8idn.24xlarge instance type | $0.24 |
m8ib.2xlarge | m8ib.2xlarge instance type | $0.24 |
Vendor refund policy
Refunds available on request.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Initial release of Trivy 0.71.1, Aqua Security's open source all-in-one security scanner, as a ready-to-use CLI workstation with the vulnerability database pre-loaded.
Additional details
Usage instructions
Connect via SSH on port 22 as the default login user for your operating system variant (the user guide lists it per variant). This is a headless command-line security scanner: there is no web interface. Read the welcome notes with: sudo cat /root/trivy-info.txt. Run trivy version to confirm the toolchain and see the bundled vulnerability database metadata. The vulnerability database is PRE-DOWNLOADED so you can scan offline immediately: scan a filesystem with trivy fs /path, a container image with trivy image name:tag , a Git repository with trivy repo <url>, infrastructure-as-code with trivy config <dir>, and generate an SBOM with trivy image --format cyclonedx -o sbom.json name:tag . Add --skip-db-update to scan without touching the network. The cache and database are on a dedicated data disk at /var/lib/trivy and exported as TRIVY_CACHE_DIR for every login shell. Refresh the database any time with trivy image --download-db-only. Use --severity CRITICAL,HIGH and --exit-code 1 to gate CI pipelines on findings.
Resources
Vendor resources
Support
Vendor support
cloudimg provides 24/7 technical support for this product by email and live chat. Our engineers help with deployment, configuration, updates, performance tuning and troubleshooting; critical issues receive a one hour average response. Contact support@cloudimg.co.uk .
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
This product has charges associated with it for seller support. Harbor, the CNCF graduated open source container registry, preinstalled and ready with vulnerability scanning, image signing, replication and role based access control. Per instance administrator credentials are generated on first boot. Backed by 24/7 cloudimg support.
Self-hosted vulnerability scanner for containers, filesystems, and IaC. Scan Docker images, Kubernetes manifests, and Terraform for CVEs and misconfigurations.
This product has charges associated with it for hardening, security configuration, and support.
Harbor is a CNCF-graduated container registry that stores OCI images and Helm charts and adds vulnerability scanning (Trivy), image signing, and role-based access control. Unlike bare Harbor AMIs that ship with the well-known default admin password, expose the registry over plain HTTP that Docker clients reject, and leave the host firewall open, this Lynxroute build is ready out of the box: a unique admin password generated at first launch, HTTPS enabled automatically with a self-signed certificate, the registry and database bound behind the host TLS edge, UFW firewall pre-configured, and a CIS Level 1 hardened Ubuntu 24.04 LTS base.
Apache-2.0 license - fully auditable, no vendor lock-in.
Aqua secures every cloud native application on AWS across the entire lifecycle. Protect containers, serverless, Kubernetes, and AI workloads to accelerate innovation and scale securely. Prevent attacks and reduce risk with security enforced from code to cloud to prompt
Customer reviews
No customer reviews yet
Be the first to review this product . We've partnered with PeerSpot to gather customer feedback. You can share your experience by writing or recording a review, or scheduling a call with a PeerSpot analyst.