Software Composition Analysis with Trivy

Overview

Trivy is a comprehensive security scanner for containers, filesystems, and git repositories. It detects vulnerabilities (CVEs) in OS packages and application dependencies, IaC misconfigurations, exposed secrets, and software licenses. This skill provides workflows for vulnerability scanning, SBOM generation, CI/CD integration, and remediation prioritization aligned with CVSS and OWASP standards.

Quick Start

Scan a container image for vulnerabilities:

Core Workflows

Workflow 1: Container Image Security Assessment

Progress:
[ ] 1. Identify targe…