diff --git a/README.md b/README.md
index d251311de21..9c9486d29e0 100644
--- a/README.md
+++ b/README.md
@@ -5,56 +5,59 @@
[![Test][test-img]][test]
[![Go Report Card][go-report-img]][go-report]
[![License: Apache-2.0][license-img]][license]
-[![GitHub All Releases][github-all-releases-img]][release]
+[![GitHub Downloads][github-downloads-img]][release]
![Docker Pulls][docker-pulls]
[📖 Documentation][docs]
-Trivy (`tri` pronounced like **tri**gger, `vy` pronounced like en**vy**) is a comprehensive security scanner. It is reliable, fast, extremely easy to use, and it works wherever you need it.
+Trivy ([pronunciation][pronunciation]) is a comprehensive and versatile security scanner. Trivy has *scanners* that look for security issues, and *targets* where it can find those issues.
-Trivy has different *scanners* that look for different security issues, and different *targets* where it can find those issues.
+Targets (what Trivy can scan):
-Targets:
- Container Image
- Filesystem
- Git repository (remote)
-- Kubernetes cluster or resource
+- Kubernetes
+- AWS
+
+Scanners (what Trivy can find there):
-Scanners:
- OS packages and software dependencies in use (SBOM)
- Known vulnerabilities (CVEs)
-- IaC misconfigurations
+- IaC issues and misconfigurations
- Sensitive information and secrets
-
-Much more scanners and targets are coming up. Missing something? Let us know!
-
-Read more in the [Trivy Documentation][docs]
+- Software licenses
## Quick Start
### Get Trivy
-Get Trivy by your favorite installation method. See [installation] section in the documentation for details. For example:
+Trivy is available in most common distribution methods. The full list of installation options is available in the [Installation] page, here are a few popular options:
- `apt-get install trivy`
- `yum install trivy`
-- `pacman -S trivy`
- `brew install aquasecurity/trivy/trivy`
-- `sudo port install trivy`
- `docker run aquasec/trivy`
-- Download binary from https://github.com/aquasecurity/trivy/releases/latest/
+- Download binary from
+
+Trivy is integrated with many popular platforms and applications. The full list of integrations is available in the [Ecosystem] page. Here are a few popular options:
+
+- [GitHub Actions](https://github.com/aquasecurity/trivy-action)
+- [CircleCI](https://circleci.com/developer/orbs/orb/fifteen5/trivy-orb)
+- [Kubernetes operator](https://github.com/aquasecurity/trivy-operator)
+- [VS Code plugin](https://github.com/aquasecurity/trivy-vscode-extension)
### General usage
```bash
-trivy [--security-checks ] TARGET_NAME
+trivy [--security-checks ]
```
Examples:
```bash
-$ trivy image python:3.4-alpine
+trivy image python:3.4-alpine
```
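Review bot: In the new integrations list, the CircleCI entry links to an orb under the `fifteen5` namespace, while the other three entries point to `aquasecurity` repositories. Readers tend to treat everything listed in a project README as endorsed by the project, so state who maintains that orb or mark the entry as community-maintained. The same list is added to docs/index.md and needs the same treatment.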
@@ -65,7 +68,7 @@ https://user-images.githubusercontent.com/1161307/171013513-95f18734-233d-45d3-a
```bash
-$ trivy fs --security-checks vuln,secret,config myproject/
+trivy fs --security-checks vuln,secret,config myproject/
```
@@ -76,7 +79,7 @@ https://user-images.githubusercontent.com/1161307/171013917-b1f37810-f434-465c-b
```bash
-$ trivy k8s --report summary cluster
+trivy k8s --report summary cluster
```
@@ -86,37 +89,41 @@ $ trivy k8s --report summary cluster
-Note that you can also receive a detailed scan, scan only a specific namespace, resource and more.
-
-Find out more in the [Trivy Documentation][docs] - [Getting Started][getting-started]
-
-
## Highlights
- Comprehensive vulnerability detection
- - OS packages (Alpine Linux, Red Hat Universal Base Image, Red Hat Enterprise Linux, CentOS, AlmaLinux, Rocky Linux, CBL-Mariner, Oracle Linux, Debian, Ubuntu, Amazon Linux, openSUSE Leap, SUSE Enterprise Linux, Photon OS and Distroless)
- - **Language-specific packages** (Bundler, Composer, Pipenv, Poetry, npm, yarn, Cargo, NuGet, Maven, and Go)
- - High accuracy, especially [Alpine Linux][alpine] and RHEL/CentOS
+ - OS packages (Alpine Linux, Red Hat Universal Base Image, Red Hat Enterprise Linux, CentOS, AlmaLinux, Rocky Linux, CBL-Mariner, Oracle Linux, Debian, Ubuntu, Amazon Linux, openSUSE Leap, SUSE Enterprise Linux, Photon OS and Distroless)
+ - **Language-specific packages** (Bundler, Composer, Pipenv, Poetry, npm, yarn, Cargo, NuGet, Maven, and Go)
+ - High accuracy, especially [Alpine Linux][alpine] and RHEL/CentOS
- Supply chain security (SBOM support)
- - Support CycloneDX
- - Support SPDX
+ - Support CycloneDX
+ - Support SPDX
+ - Generating and Scanning SBOM
+ - Leveraging in-toto attestations
+ - Integrated with [Sigstore]
- Misconfiguration detection (IaC scanning)
- - Wide variety of security checks are provided **out of the box**
- - Kubernetes, Docker, Terraform, and more
- - User-defined policies using [OPA Rego][rego]
+ - Wide variety of security checks are provided **out of the box**
+ - Kubernetes, Docker, Terraform, and more
+ - User-defined policies using [OPA Rego][rego]
- Secret detection
- - A wide variety of built-in rules are provided **out of the box**
- - User-defined patterns
- - Efficient scanning of container images
+ - A wide variety of built-in rules are provided **out of the box**
+ - User-defined patterns
+ - Efficient scanning of container images
- Simple
- - Available in apt, yum, brew, dockerhub
- - **No pre-requisites** such as a database, system libraries, or eny environmental requirements. The binary runs anywhere.
- - The first scan will finish within 10 seconds (depending on your network). Consequent scans will finish instantaneously.
+ - Available in apt, yum, brew, dockerhub
+ - **No pre-requisites** such as a database, system libraries, or eny environmental requirements. The binary runs anywhere.
+ - The first scan will finish within 10 seconds (depending on your network). Consequent scans will finish instantaneously.
- Fits your workflow
- - **Great for CI** such as GitHub Actions, Jenkins, GitLab CI, etc.
- - Available as extension for IDEs such as vscode, jetbrains, vim
- - Available as extension for Docker Desktop, Rancher Desktop
- - See [integrations] section in the documentation.
+ - **Great for CI** such as GitHub Actions, Jenkins, GitLab CI, etc.
+ - Available as extension for IDEs such as vscode, jetbrains, vim
+ - Available as extension for Docker Desktop, Rancher Desktop
+ - See [Ecosystem] section in the documentation.
+
+## FAQ
+
+### How to pronounce the name "Trivy"?
+
+`tri` is pronounced like **tri**gger, `vy` is pronounced like en**vy**.
---
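Review bot: The re-indented line under "Simple" still carries the typo `eny environmental requirements` (should be `any`), and "Consequent scans" on the following line reads better as "Subsequent scans". These lines are rewritten in this hunk anyway, so fix the wording here; the same two lines are copied into the Highlights list added to docs/index.md.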
@@ -130,19 +137,20 @@ Contact us about any matter by opening a GitHub Discussion [here][discussions]
[go-report-img]: https://goreportcard.com/badge/github.com/aquasecurity/trivy
[release]: https://github.com/aquasecurity/trivy/releases
[release-img]: https://img.shields.io/github/release/aquasecurity/trivy.svg?logo=github
-[github-all-releases-img]: https://img.shields.io/github/downloads/aquasecurity/trivy/total?logo=github
+[github-downloads-img]: https://img.shields.io/github/downloads/aquasecurity/trivy/total?logo=github
[docker-pulls]: https://img.shields.io/docker/pulls/aquasec/trivy?logo=docker&label=docker%20pulls%20%2F%20trivy
[license]: https://github.com/aquasecurity/trivy/blob/main/LICENSE
[license-img]: https://img.shields.io/badge/License-Apache%202.0-blue.svg
+[docs]: https://aquasecurity.github.io/trivy
+[pronunciation]: #how-to-pronounce-the-name-trivy
+[Installation]:https://aquasecurity.github.io/trivy/latest/getting-started/installation/
+[Ecosystem]: https://aquasecurity.github.io/trivy/latestecosystem/tools
-[getting-started]: https://aquasecurity.github.io/trivy/latest/getting-started/installation/
-[docs]: https://aquasecurity.github.io/trivy
-[integrations]:https://aquasecurity.github.io/trivy/latest/tutorials/integrations/
-[installation]:https://aquasecurity.github.io/trivy/latest/getting-started/installation/
-[releases]: https://github.com/aquasecurity/trivy/releases
[alpine]: https://ariadne.space/2021/06/08/the-vulnerability-remediation-lifecycle-of-alpine-containers/
[rego]: https://www.openpolicyagent.org/docs/latest/#rego
+[sigstore]: https://www.sigstore.dev/
+
[aquasec]: https://aquasec.com
[oss]: https://www.aquasec.com/products/open-source-projects/
[discussions]: https://github.com/aquasecurity/trivy/discussions
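Review bot: The new `[Ecosystem]` definition is missing a `/` between `latest` and `ecosystem`, so it points at the path segment `latestecosystem`. Both the "[Ecosystem] page" link in Quick Start and the "See [Ecosystem] section" link in Highlights resolve through this definition. The `[Installation]:` definition also lacks the space after the colon that the neighbouring definitions use.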
diff --git a/docs/getting-started/installation.md b/docs/getting-started/installation.md
index d994a21b8ed..d2547146174 100644
--- a/docs/getting-started/installation.md
+++ b/docs/getting-started/installation.md
@@ -57,7 +57,7 @@ pacman -S trivy
You can use homebrew on macOS and Linux.
```bash
-brew install aquasecurity/trivy/trivy
+brew install trivy
```
## MacPorts
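Review bot: The formula name here now differs from the one shown elsewhere in this patch: README.md keeps `brew install aquasecurity/trivy/trivy` as an unchanged line, and docs/index.md adds the same tap-qualified command. Use one form in all three places, or, if both remain valid, say in this section which source each command installs from (the `aquasecurity/trivy` tap or the default formula), so that users know which publisher they are trusting.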
diff --git a/docs/getting-started/quickstart.md b/docs/getting-started/quickstart.md
deleted file mode 100644
index 7fb521a7f6e..00000000000
--- a/docs/getting-started/quickstart.md
+++ /dev/null
@@ -1,90 +0,0 @@
-# Quick Start
-
-## Prerequisites
-
-- Make sure to have the Trivy [CLI installed][installation]
-
-## Scan image for vulnerabilities and secrets
-
-Simply specify an image name (and a tag).
-
-```
-$ trivy image [YOUR_IMAGE_NAME]
-```
-
-For example:
-
-``` shell
-$ trivy image myimage:1.0.0
-2022-05-16T13:25:17.826+0100 INFO Detected OS: alpine
-2022-05-16T13:25:17.826+0100 INFO Detecting Alpine vulnerabilities...
-2022-05-16T13:25:17.826+0100 INFO Number of language-specific files: 0
-
-myimage:1.0.0 (alpine 3.15.3)
-
-Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 2)
-
-┌────────────┬────────────────┬──────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────┐
-│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
-├────────────┼────────────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────┤
-│ busybox │ CVE-2022-28391 │ CRITICAL │ 1.34.1-r4 │ 1.34.1-r5 │ busybox: remote attackers may execute arbitrary code if │
-│ │ │ │ │ │ netstat is used │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-28391 │
-├────────────┤ │ │ │ │ │
-│ ssl_client │ │ │ │ │ │
-│ │ │ │ │ │ │
-│ │ │ │ │ │ │
-└────────────┴────────────────┴──────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────┘
-
-app/deploy.sh (secrets)
-
-Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 1)
-
-┌──────────┬───────────────────┬──────────┬─────────┬────────────────────────────────┐
-│ Category │ Description │ Severity │ Line No │ Match │
-├──────────┼───────────────────┼──────────┼─────────┼────────────────────────────────┤
-│ AWS │ AWS Access Key ID │ CRITICAL │ 3 │ export AWS_ACCESS_KEY_ID=***** │
-└──────────┴───────────────────┴──────────┴─────────┴────────────────────────────────┘
-```
-
-For more details, see [vulnerability][vulnerability] and [secret][secret] pages.
-
-## Scan directory for misconfigurations
-
-Simply specify a directory containing IaC files such as Terraform, CloudFormation, Azure ARM templates, Helm and Dockerfile.
-
-```
-$ trivy config [YOUR_IAC_DIR]
-```
-
-For example:
-
-``` shell
-$ ls build/
-Dockerfile
-$ trivy config ./build
-2022-05-16T13:29:29.952+0100 INFO Detected config files: 1
-
-Dockerfile (dockerfile)
-=======================
-Tests: 23 (SUCCESSES: 22, FAILURES: 1, EXCEPTIONS: 0)
-Failures: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
-
-MEDIUM: Specify a tag in the 'FROM' statement for image 'alpine'
-══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
-When using a 'FROM' statement you should use a specific tag to avoid uncontrolled behavior when the image is updated.
-
-See https://avd.aquasec.com/misconfig/ds001
-──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
- Dockerfile:1
-──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
- 1 [ FROM alpine:latest
-──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
-```
-
-For more details, see [here][misconf].
-
-[installation]: ./installation.md
-[vulnerability]: ../docs/vulnerability/scanning/index.md
-[misconf]: ../docs/misconfiguration/scanning.md
-[secret]: ../docs/secret/scanning.md
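Review bot: Deleting this page removes the only `trivy config` walkthrough in this patch, along with the links to the vulnerability, secret and misconfiguration scanning pages; the Quick Start added to docs/index.md covers `trivy image`, `trivy fs` and `trivy k8s` only. Carry the `trivy config` example over or link to the misconfiguration scanning page from the new Quick Start. Also consider a redirect for the old `getting-started/quickstart` path so that existing inbound links do not break.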
diff --git a/docs/index.md b/docs/index.md
index 496ff71e6bd..de610bc4985 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -2,33 +2,72 @@
hide:
- toc
---
-
![logo](imgs/logo.png){ align=right }
-Trivy (tri pronounced like trigger, vy pronounced like envy) is a comprehensive security scanner. It is reliable, fast, extremely easy to use, and it works wherever you need it.
+# Trivy Documentation
+
+👋 Welcome to Trivy Documentation! To help you get around, please notice the different sections at the top global menu:
+
+- You are currently in the [Getting Started] section where you can find general information and help with first steps.
+- In the [Tutorials] section you can find step-by-step guides that help you accomplish specific tasks.
+- In the [CLI] section you will find the complete reference documentation for all of the different features and settings that Trivy has to offer.
+- In the [Ecosystem] section you will find how Trivy works together with other tools and applications that you might already use.
+- In the [Contributing] section you will find instructions about developing Trivy, and contribution guidelines.
+
+# About Trivy
-Trivy has different scanners that look for different security issues, and different targets where it can find those issues.
+Trivy ([pronunciation][pronunciation]) is a comprehensive and versatile security scanner. Trivy has *scanners* that look for security issues, and *targets* where it can find those issues.
-Targets:
+Targets (what Trivy can scan):
- Container Image
- Filesystem
- Git repository (remote)
-- Kubernetes cluster or resource
+- Kubernetes
+- AWS
-Scanners:
+Scanners (what Trivy can find there):
- OS packages and software dependencies in use (SBOM)
- Known vulnerabilities (CVEs)
-- IaC misconfigurations
+- IaC issues and misconfigurations
- Sensitive information and secrets
+- Software licenses
+
+## Quick Start
+
+### Get Trivy
+
+Trivy is available in most common distribution methods. The full list of installation options is available in the [Installation] page, here are a few popular options:
+
+- `apt-get install trivy`
+- `yum install trivy`
+- `brew install aquasecurity/trivy/trivy`
+- `docker run aquasec/trivy`
+- Download binary from
-It is designed to be used in CI. Before pushing to a container registry or deploying your application, you can scan your local container image and other artifacts easily.
-See [Integrations][integrations] for details.
+Trivy is integrated with many popular platforms and applications. The full list of integrations is available in the [Ecosystem] page. Here are a few popular options:
-Much more scanners and targets are coming up. [Join the Slack][slack] channel to stay up to date, ask questions, and let us know what features you would like to see.
+- [GitHub Actions](https://github.com/aquasecurity/trivy-action)
+- [CircleCI](https://circleci.com/developer/orbs/orb/fifteen5/trivy-orb)
+- [Kubernetes operator](https://github.com/aquasecurity/trivy-operator)
+- [VS Code plugin](https://github.com/aquasecurity/trivy-vscode-extension)
-Please see [LICENSE][license] for Trivy licensing information.
+
+### General usage
+
+```bash
+trivy [--security-checks ]
+```
+
+Examples:
+
+```bash
+trivy image python:3.4-alpine
+```
+
+
+Result
+
+
+```bash
+trivy fs --security-checks vuln,secret,config myproject/
+```
+
+
+Result
+
+
+
+```bash
+trivy k8s --report summary cluster
+```
+
+
+Result
+
Demo: Secret Detection
-[integrations]: ./tutorials/integrations/index.md
-[slack]: https://slack.aquasec.com
-[license]: https://github.com/aquasecurity/trivy/blob/main/LICENSE
\ No newline at end of file
+
+
+## Highlights
+
+- Comprehensive vulnerability detection
+ - OS packages (Alpine Linux, Red Hat Universal Base Image, Red Hat Enterprise Linux, CentOS, AlmaLinux, Rocky Linux, CBL-Mariner, Oracle Linux, Debian, Ubuntu, Amazon Linux, openSUSE Leap, SUSE Enterprise Linux, Photon OS and Distroless)
+ - **Language-specific packages** (Bundler, Composer, Pipenv, Poetry, npm, yarn, Cargo, NuGet, Maven, and Go)
+ - High accuracy, especially [Alpine Linux][alpine] and RHEL/CentOS
+- Supply chain security (SBOM support)
+ - Support CycloneDX
+ - Support SPDX
+ - Generating and Scanning SBOM
+ - Leveraging in-toto attestations
+ - Integrated with [Sigstore]
+- Misconfiguration detection (IaC scanning)
+ - Wide variety of security checks are provided **out of the box**
+ - Kubernetes, Docker, Terraform, and more
+ - User-defined policies using [OPA Rego][rego]
+- Secret detection
+ - A wide variety of built-in rules are provided **out of the box**
+ - User-defined patterns
+ - Efficient scanning of container images
+- Simple
+ - Available in apt, yum, brew, dockerhub
+ - **No pre-requisites** such as a database, system libraries, or eny environmental requirements. The binary runs anywhere.
+ - The first scan will finish within 10 seconds (depending on your network). Consequent scans will finish instantaneously.
+- Fits your workflow
+ - **Great for CI** such as GitHub Actions, Jenkins, GitLab CI, etc.
+ - Available as extension for IDEs such as vscode, jetbrains, vim
+ - Available as extension for Docker Desktop, Rancher Desktop
+ - See [Ecosystem] section in the documentation.
+
+## FAQ
+
+### How to pronounce the name "Trivy"?
+
+`tri` is pronounced like **tri**gger, `vy` is pronounced like en**vy**.
+
+---
+
+Trivy is an [Aqua Security][aquasec] open source project.
+Learn about our open source work and portfolio [here][oss].
+Contact us about any matter by opening a GitHub Discussion [here][discussions]
+
+[Ecosystem]: ./ecosystem/overview
+[Installation]: getting-started/installation/
+[pronunciation]: #how-to-pronounce-the-name-trivy
+
+[aquasec]: https://aquasec.com
+[oss]: https://www.aquasec.com/products/open-source-projects/
+[discussions]: https://github.com/aquasecurity/trivy/discussions
+
+[Tutorials]: ./tutorials/overview
+[CLI]: ./docs
+[Contributing]: ./contributing/issue
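Review bot: Several reference-style links in the added text have no matching definition among the ones added at the bottom of this hunk: `[Getting Started]` in the welcome list, and `[alpine]`, `[rego]` and `[Sigstore]` in Highlights. README.md defines the last three, but the definitions here cover only Ecosystem, Installation, pronunciation, aquasec, oss, discussions, Tutorials, CLI and Contributing, so the others will render as literal bracketed text. Add the missing definitions, and use the same relative-path style for `[Installation]` (`getting-started/installation/`) as for the `./`-prefixed entries.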
diff --git a/mkdocs.yml b/mkdocs.yml
index 0487db023b3..337e6028cc2 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -10,7 +10,6 @@ nav:
- Getting Started:
- Overview: index.md
- Installation: getting-started/installation.md
- - Quick Start: getting-started/quickstart.md
- Tutorials:
- Overview: tutorials/overview.md
- CI/CD: