# Trivy

Trivy is an open-source vulnerability scanner for containers and containerized applications. It focuses on identifying security vulnerabilities in container images, and it is a lightweight, easy-to-use tool that integrates into the development and deployment pipeline.

### Usage of Trivy in Delivery Shield

* Delivery Shield mandates security scans on images using Trivy. It connects with Trivy to check whether the required version of the image has been scanned; if it has not, Delivery Shield generates a security issue. It also triggers periodic vulnerability scans on the deployed images.
* Once the Grype scan is done, Delivery Shield pulls the container security scan results from Grype. This data is used to calculate the overall security status of the images and the application, and to generate alerts and remediation.
* Delivery Shield also pulls other scan results, such as the IaC configuration scan and the secret scan, and uses them to calculate the overall risk of the application. The scan results are available in the [Vulnerability Management](https://docs.opsmx.com/opsmx-secure-software-delivery-ssd-platform/user-guide/vulnerability-management) page, the **Artifact** section of the [DBOM](https://docs.opsmx.com/opsmx-secure-software-delivery-ssd-platform/user-guide/delivery-bill-of-materials-dbom) page, and the [View Open Security Issues](https://docs.opsmx.com/opsmx-secure-software-delivery-ssd-platform/user-guide/view-security-posture/view-open-security-issues) page.
* SSD imports SBOMs generated by Trivy and analyzes them to identify supply chain security issues.
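
To show the kind of data pulled from a Trivy scan, the following added example (not OpsMx or Trivy project code) summarizes a Trivy JSON report by finding type and severity and lists vulnerabilities that already have a fixed version. The report is a constructed sample with placeholder IDs, and the `blocks_release` gate is an assumed policy, not Delivery Shield's actual scoring.

```python
import json
from collections import Counter

# Constructed sample in the layout of `trivy image --format json` output.
# Image name, package names and finding IDs are placeholders, not real results.
SAMPLE_REPORT = json.loads("""
{
  "SchemaVersion": 2,
  "ArtifactName": "registry.example.com/demo/app:1.0.0",
  "Results": [
    {"Target": "demo/app:1.0.0 (debian 12.5)", "Class": "os-pkgs",
     "Vulnerabilities": [
       {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
        "InstalledVersion": "1.0", "FixedVersion": "1.1", "Severity": "CRITICAL"},
       {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
        "InstalledVersion": "2.3", "Severity": "HIGH"}]},
    {"Target": "app/config.env", "Class": "secret",
     "Secrets": [{"RuleID": "example-token", "Severity": "HIGH", "StartLine": 4}]},
    {"Target": "usr/lib/node_modules", "Class": "lang-pkgs"}
  ]
}
""")

# Per-target lists Trivy emits for vulnerability, secret, license and config scans.
FINDING_KEYS = ("Vulnerabilities", "Secrets", "Licenses", "Misconfigurations")

def summarize(report):
    """Count findings per (kind, severity) and collect vulnerabilities that have a fix."""
    counts, fixable = Counter(), []
    for result in report.get("Results") or []:
        for key in FINDING_KEYS:
            # Trivy omits a key (or sets it to null) when a target has no findings.
            for finding in result.get(key) or []:
                counts[(key, finding.get("Severity", "UNKNOWN"))] += 1
                if key == "Vulnerabilities" and finding.get("FixedVersion"):
                    fixable.append((finding["VulnerabilityID"], finding["PkgName"],
                                    finding["FixedVersion"]))
    return counts, fixable

def blocks_release(counts, blocking=("CRITICAL", "HIGH")):
    """Assumed gate: any vulnerability or secret at a blocking severity fails."""
    return any(n and kind in ("Vulnerabilities", "Secrets") and sev in blocking
               for (kind, sev), n in counts.items())

if __name__ == "__main__":
    counts, fixable = summarize(SAMPLE_REPORT)
    for (kind, sev), n in sorted(counts.items()):
        print(f"{kind:18} {sev:9} {n}")
    print("fixable:", fixable, "| blocks release:", blocks_release(counts))
```
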

{% hint style="info" %}
Trivy is integrated as part of Delivery Shield. You only need to enable or disable it as required.
{% endhint %}

### To Manage Trivy:

1. Navigate to **Config** > **Integrations**.
2. In the **Artifact** panel, click **Trivy**.

<figure><img src="https://2047464521-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MBEa1hoX6SqpDj-ymNs%2Fuploads%2FJVji5IPYWWVlAh3Umb4j%2Ftrivy%201.png?alt=media&#x26;token=61969756-8521-4a3c-9f9f-eb3647fb219f" alt=""><figcaption></figcaption></figure>

3. The Trivy integration page is displayed.
4. Click **+New Account**. In the popup that appears:

<figure><img src="https://2047464521-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MBEa1hoX6SqpDj-ymNs%2Fuploads%2FBsMIKKWbJI1GAaXDRG2t%2Ftrivy%202.png?alt=media&#x26;token=71b1921e-1228-436f-9d5f-ca0f9badb24d" alt=""><figcaption></figcaption></figure>

   1. Enable the **Vulnerability Scan**, **License Scan for Source**, **License Scan for Containers**, **Secret Scan for Containers**, **Secret Scan for Source Code** and **Helm Scan** toggles as required.
   2. Select the **Teams** and the corresponding **Environments** from the dropdown for which you want the integration to be available. The integration will be available for the selected teams and environments only.

   <div data-gb-custom-block data-tag="hint" data-style="info" class="hint hint-info"><p>You can select up to 5 teams for the integration to be displayed. </p></div>

   * An example is given below for reference:

   <figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXeuMZQzZsZQuulVdW9B9OuffNPoEXqbcpcAkYtKVyb7YiTQxbVIt1L4Gh-zshqX2J9MFKIat8x4oWFIGxdg3j1XVagyUNhUAlD_52soyMyd1cy53p6XiYi0LsTjIBfHcybRWl61?key=D9EXoOdGF7oYOBvYaW2GnRWJ" alt=""><figcaption></figcaption></figure>

   * In the example above:
     * If **Team 1**, **Team 2**, and **Team 3** are selected, only applications associated with these teams can access the integration. Any applications belonging to other teams, such as **Team 4**, will not have access to this account.
     * Even if the user who created this account is also an admin for **Team 4**, the integration account remains restricted and is not available for **Team 4**.
     * Access to the account is strictly limited to the specified **Teams** and **Environments** selected during account creation.
   * **For Organization Admins:**
     * When an **Organization Admin** creates an account without selecting specific **Teams** and **Environments**, the account will be universally applicable, granting access to **all teams** and **all environments** by default.
   * **For Team Admins with Multiple Teams:**
     * If a **Team Admin** who manages multiple teams creates an account without specifying particular **Teams** and **Environments**, the account will only be accessible to the teams for which the logged-in user holds admin privileges.
5. Click **Save**. The tool is connected.
6. You can edit the entered values by clicking the **Edit** option.
7. Reset the scan options as required and click **Update**.

The new settings are updated.

