Skip to content

owenrumney/lazytrivy

BranchesTags

Repository files navigation

Go Report Card License: Apache-2.0 Github Release GitHub All Releases

lazytrivy

lazytrivy is a terminal UI wrapper for Trivy that lets you run Trivy scans without remembering all the command arguments. It now uses the latest Trivy binary directly (no Docker image required).

Inspired by Jesse Duffield's superb tools (lazydocker, lazynpm, lazygit).

Features

  • Image Scanning
    • Scan all images on your system
    • Scan a single image
    • Scan a remote image
  • File System Scanning
    • Scan a filesystem for vulnerabilities, misconfigurations, and secrets
  • Kubernetes Scanning (Experimental)
    • Scan K8s resources for vulnerabilities and misconfigurations (experimental, subject to user feedback)

What does it do?

lazytrivy provides a fast, interactive terminal UI for running Trivy scans. It displays results in a clear, navigable interface and helps you select images, filesystems, or Kubernetes resources to scan. Trivy is run directly (no Docker required), so you always get the latest features and performance.

Trivy will periodically download the latest vulnerability database. lazytrivy maintains a cache, but if you experience a delay, it's likely Trivy is updating its DB.

Installation

Install with Go

If you have Go installed:

go install github.com/owenrumney/lazytrivy@latest

Download from Releases

Get the latest releases from GitHub

Config

Optionally, add a config file at ~/.config/lazytrivy/config.yml:

vulnerability:
  ignoreunfixed: false
filesystem:
  scansecrets: true
  scanmisconfiguration: true
  scanvulnerabilities: true
cachedirectory: ~/.cache
debug: true
trace: false

Config via UI

Settings can be adjusted via the UI by pressing the , key at any time.

Settings Screenshot

By setting debug to true, additional logs will be generated in /tmp/lazytrivy.log

Usage

lazytrivy is easy to use. Run it with:

lazytrivy --help

Available Commands:

  • image Launch lazytrivy in image scanning mode
  • filesystem Launch lazytrivy in filesystem scanning mode
  • k8s Launch lazytrivy in Kubernetes scanning mode (experimental)
  • help Help about any command

Flags:

  • --debug Launch with debug logging
  • --trace Launch with trace logging

Use lazytrivy [command] --help for more information about a command.

Viewing logs

Logs are generated in $HOME/.lazytrivy/logs/lazytrivy.log (default level: info). Use the --debug flag for more details, or --trace for verbose output.

Starting in a specific mode

You can start lazytrivy in a specific mode using image, filesystem, or k8s:

For example, to scan a specific filesystem folder:

lazytrivy filesystem --path /home/owen/code/github/owenrumney/example

To scan Kubernetes resources (experimental):

lazytrivy k8s --context my-kube-context

Screenshots

Image Scanning

Image Scanning

Filesystem Scanning

Filesystem Scanning

Kubernetes Scanning (Experimental)

K8s Scanning

Settings

Settings

About

Vulnerability scanning just got lazier

Topics

docker golang scanner tui aws-security vulnerability-scanners staticanalysis security-tools golang-cli podman security-auditing-tool trivy misconfigurations

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct
Activity

Stars

301 stars

Watchers

2 watching

Forks

9 forks
Report repository

Releases 33

v1.2.2 Latest
Oct 12, 2025
+ 32 releases

Contributors 3

  •  
  •  
  •  

Languages