AI Skills for Technical Direction

AI tools that help you review architecture decisions, scan for security risks before they ship, manage tech debt with data instead of guesswork, respond to incidents faster, and keep your technology radar current.

About

A comprehensive security scanner that detects vulnerabilities in OS packages and language-specific dependencies, misconfigurations in Terraform, CloudFormation, Helm, and Dockerfiles, exposed secrets in code and config, and license compliance issues. Generates SBOMs in SPDX and CycloneDX formats. Scans container images, filesystems, git repos, and Kubernetes clusters. Over 100 million annual downloads. Integrates with GitHub Actions, GitLab CI, Jenkins, and every major CI/CD platform. One binary, zero config — runs instantly with no database setup.

Permissions

File system (read — source code and config scanning)
Container runtime (read — image scanning)
Security & Risk Assessment

Trivy

🏆 #1 Skill for Marketers

The most comprehensive open source security scanner — vulnerabilities, misconfigurations, secrets, and SBOMs across containers, repos, IaC, and Kubernetes

Aqua Security

Cloud native security company. Creators of Trivy, the most widely adopted open source security scanner.

Open Source, 32K+ Stars
Open Source
Runs Locally
No Data Collection
Community Vetted
CI/CD Integrated

What engineering managers are saying

Mar 18, 2026

We added Trivy to our CI pipeline in an afternoon. First scan caught 14 critical CVEs in base images we'd been shipping for months. The zero-config setup means I didn't need to fight for engineering time to get security scanning in place.

Daniel Ortiz

Engineering Manager, Healthcare SaaS

Mar 10, 2026

What sets Trivy apart is the breadth — one tool covers container images, IaC misconfigs, exposed secrets, and license compliance. Before this we had four different scanners with four different dashboards. Now it's one binary in every pipeline.

Lisa Huang

Platform Engineering Lead

Mar 1, 2026

The IaC scanning sold my team. We caught Terraform misconfigurations — publicly accessible S3 buckets, overly permissive security groups — that would have failed our SOC2 audit. It runs in seconds, not minutes.

Raj Krishnamurthy

VP Engineering, Fintech Startup

Feb 22, 2026

I use Trivy's SBOM generation for compliance reporting — auditors love that I can produce a full software bill of materials in one command. The fact that it's open source and runs locally means legal had zero concerns about sending code to a third party.

Katarina Novak

Engineering Director, E-commerce

Also recommended

1. Architecture Reviewer

Review RFCs, design docs, and architecture proposals — surfaces gaps in scalability, reliability, and security before your team starts building

AIWise

2. CodeScene Community

Behavioral tech debt analysis — identifies the code that actually causes friction by analyzing change patterns, not just static metrics

CodeScene

3. Grafana Cloud IRM

Full incident response management — on-call scheduling, incident timelines, postmortems, and Slack integration — free for up to 3 users

Grafana Labs

4. Tech Radar Generator

Auto-generates a technology radar from your codebase — scans dependencies, configs, and infrastructure to show what your team actually uses, with adopt/hold/deprecate recommendations

AIWise