Trivy

I use Trivy to scan container images, container registries, repositories, and infrastructure configurations for known vulnerabilities and misconfigurations. Beyond image scanning, I’ve worked with it to assess codebases and infrastructure as code, as well as leveraging tools like Trivy Operator for continuous security monitoring within Kubernetes environments. I value Trivy for its versatility and ease of integration into CI/CD pipelines, helping embed security directly into development workflows and supporting a proactive, secure-by-design approach across cloud-native infrastructure