docker image for Trivy; direct mirror of aquasec/trivy images
For an up to date list of tags, please refer to the Docker Hub tags list. I only tag the amd64 and arm64 manifests as I have no needs for the others. The script, which runs daily, will always pull from the GitHub tags API. Other older tags may be available but this script only updates the last five. I'm not sure of the support lifecycle for each version of Trivy but they don't seem to release patches for older versions for very long.
For example, if the 0.42 tag is the latest, I will tag it as both latest and 0.42 so you can always refer to a specific version by it's major.minor version.
Note: The latest tag will always be the same as the newest major.minor tag as that is handled automatically in the script. This is what I personally typically use unless there is a bug or a reason to pin to a specific version.
I've found that the Trivy images published in the aquasec/trivy repository on Docker Hub only has specific tags (e.g. - there are no major.minor tags) which makes it a pain to stay up to date on the latest bugfix versions. These scripts will run daily to just create manifest tags for the linux/amd64 images by querying for the latest tag from GitHub, parsing it, and writing manifests with the major.minor version only.
This allows for using the major.minor versions so that you'll always have the latest bugfix versions, such as:
mbentley/trivy:0.21is a manifest pointing toaquasec/trivy:0.21.2
If a 0.21.3 would be released, the 0.21 tag will be updated to point to the new reference. These manifests always use the same image digest as the newest bugfix versions available for each.