Watch / Rawkode Live 1:08:25
Live · Tutorial · Rawkode Live

Hands-on Introduction to Trivy

1:08:25
§ Overview

About this video

What You'll Learn

  1. Scan container images for missing patches and unfixed vulnerabilities before pushing.
  2. Use Trivy on Terraform and Kubernetes manifests to catch misconfigurations early.
  3. Integrate scans into GitHub Actions and sign container builds with cosign.

Rory McCune joins to demo Trivy, Aqua Security's scanner for container images, filesystems, Git repos, Kubernetes manifests, and Terraform. Hands-on installation, image scanning, IaC checks, plus a GitHub Actions pipeline that signs builds with cosign.

§ Technologies featured
Trivy Trivy Docker Docker Kubernetes Kubernetes Terraform Terraform sigstore sigstore

Meet the Cast

David Flanagan HOST

David Flanagan

@rawkode

Rory McCune GUEST

Rory McCune

@raesene

Weekly Cloud Native insights

Stay ahead in cloud native

Tutorials, deep dives, and curated events. No fluff.

More from Rawkode Live

View all 173 episodes
Hands-on Introduction to Odin
Upcoming

Hands-on Introduction to Odin

Hands-on Introduction to Iroh
Upcoming

Hands-on Introduction to Iroh

Hands-on Introduction to Yoke
1:15:06

Hands-on Introduction to Yoke

Hands-on Introduction to sympozium
1:31:50

Hands-on Introduction to sympozium

Friday, January 23rd, 2026 - Chevron7
44:26

Friday, January 23rd, 2026 - Chevron7

Hands-on Introduction to jujutsu (jj)
1:01:55

Hands-on Introduction to jujutsu (jj)

More about Docker

View all 36 videos
Flatcar Linux: A Modern OS for the Always-On Infrastructure
51:20

Flatcar Linux: A Modern OS for the Always-On Infrastructure

Hands-on with Qovery
1:17:08

Hands-on with Qovery

Hands-on with Daytona
56:00

Hands-on with Daytona

Kubernetes

More about Kubernetes

View all 172 videos
Hands-on Introduction to Yoke
1:15:06

Hands-on Introduction to Yoke

Navigating Kairos: Immutable Operating Systems with a Cloud Native Twist
39:59

Navigating Kairos: Immutable Operating Systems with a Cloud Native Twist

Kubernetes Security Scanning: The 4 Tools You Actually Need
18:37

Kubernetes Security Scanning: The 4 Tools You Actually Need

Terraform

More about Terraform

View all 12 videos
Fuck you, Hashicorp ... an IBM Company.
6:43

Fuck you, Hashicorp ... an IBM Company.

Atlantis: The Terraform Automation Powerhouse
39:31

Atlantis: The Terraform Automation Powerhouse

From Kubernetes to Cloud Run: Chainguard's Journey
56:11

From Kubernetes to Cloud Run: Chainguard's Journey

More about sigstore

View technology
Supply Chain Security with a CLI: valint
14:44

Supply Chain Security with a CLI: valint

Building & Running Spin Applications with Docker
8:08

Building & Running Spin Applications with Docker

Hands-on Introduction to sigstore
1:08:18

Hands-on Introduction to sigstore