4 changes: 2 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -53,9 +53,9 @@ Trivy is integrated with many popular platforms and applications. The complete l
- See [Ecosystem] for more

### Canary builds
There are canary builds ([Docker Hub](https://hub.docker.com/r/aquasec/trivy/tags?page=1&name=canary), [GitHub](https://github.com/aquasecurity/trivy/pkgs/container/trivy/75776514?tag=canary), [ECR](https://gallery.ecr.aws/aquasecurity/trivy#canary) images and [binaries](https://github.com/aquasecurity/trivy/actions/workflows/canary.yaml)) as generated every push to main branch.
There are canary builds ([Docker Hub](https://hub.docker.com/r/aquasec/trivy/tags?page=1&name=canary), [GitHub](https://github.com/aquasecurity/trivy/pkgs/container/trivy/75776514?tag=canary), [ECR](https://gallery.ecr.aws/aquasecurity/trivy#canary) images and [binaries](https://github.com/aquasecurity/trivy/actions/workflows/canary.yaml)) generated with every push to the main branch.

Please be aware: canary builds might have critical bugs, it's not recommended for use in production.
Please be aware: canary builds might have critical bugs, so they are not recommended for use in production.

### General usage

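Review bot: the GitHub link in the edited sentence embeds a numeric package ID (`/pkgs/container/trivy/75776514?tag=canary`) that will silently break if the package is ever re-created; while this line is being touched, link the package page without the ID (`https://github.com/aquasecurity/trivy/pkgs/container/trivy`) and keep the `canary` tag in the prose. The reworded production warning itself reads well.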
7 changes: 4 additions & 3 deletions SECURITY.md
Expand Up @@ -2,9 +2,10 @@

## Supported Versions

This is an open source project that is provided as-is without warrenty or liability.
As such no supportability commitment. The maintainers will do the best they can to address any report promptly and responsibly.
This is an open source project that is provided as-is without warranty or liability.
As such, there is no supportability commitment. The maintainers will do the best they can to address any report promptly and responsibly.

## Reporting a Vulnerability

Please use the "Private vulnerability reporting" feature in the GitHub repository (under the "Security" tab).
Please use the "Private vulnerability reporting" feature in the GitHub repository (under the "Security" tab).

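Review bot: the "Supported Versions" section still names no versions; after the rewrite it only says the project is provided as-is without warranty, so a reporter cannot tell which release line will receive a fix. While this hunk is editing the section, either add a sentence stating which versions the maintainers will patch or retitle the section to match its content. Separately, the final pair of lines (`Please use the "Private vulnerability reporting" feature ...`) is identical before and after, so that change is whitespace only (the file header counts 4 additions against 3 deletions); a word in the PR description would save reviewers hunting for a typo that is not there.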
2 changes: 1 addition & 1 deletion docs/community/contribute/pr.md
Expand Up @@ -3,7 +3,7 @@ Thank you for taking interest in contributing to Trivy!
1. Every Pull Request should have an associated GitHub issue link in the PR description. Note that issues are created by Trivy maintainers based on feedback provided in a GitHub discussion. Please refer to the [issue](./issue.md) and [discussion](./discussion.md) pages for explanation about this process. If you think your change is trivial enough, you can skip the issue and instead add justification and explanation in the PR description.
1. Your PR is more likely to be accepted if it focuses on just one change.
1. There's no need to add or tag reviewers.
1. If a reviewer commented on your code or asked for changes, please remember to respond with comment. Do not mark discussion as resolved. It's up to reviewer to mark it resolved (in case if suggested fix addresses problem properly). PRs with unresolved issues should not be merged (even if the comment is unclear or requires no action from your side).
1. If a reviewer commented on your code or asked for changes, please remember to respond with a comment. Do not mark the discussion as resolved. It's up to the reviewer to mark it resolved (in case the suggested fix addresses the problem properly). PRs with unresolved issues should not be merged (even if the comment is unclear or requires no action from your side).
1. Please include a comment with the results before and after your change.
1. Your PR is more likely to be accepted if it includes tests (We have not historically been very strict about tests, but we would like to improve this!).
1. If your PR affects the user experience in some way, please update the README.md and the CLI help accordingly.
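Review bot: in the rewritten item about reviewer comments, "in case the suggested fix addresses the problem properly" still reads as a condition on an unrelated event; "once the suggested fix addresses the problem" says what is meant. The next item ("Please include a comment with the results before and after your change.") also does not say what counts as results for a documentation-only change such as this one; a short clarification would help contributors.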
8 changes: 4 additions & 4 deletions docs/docs/advanced/air-gap.md
@@ -1,7 +1,7 @@
# Connectivity and Network considerations

Trivy requires internet connectivity in order to function normally. If your organizations blocks or restricts network traffic, that could prevent Trivy from working correctly.
This document explains Trivy's network connectivity requirements, and how to configure Trivy to work in restricted networks environments, including completely air-gapped environments.
Trivy requires internet connectivity in order to function normally. If your organization blocks or restricts network traffic, that could prevent Trivy from working correctly.
This document explains Trivy's network connectivity requirements, and how to configure Trivy to work in restricted network environments, including completely air-gapped environments.

The following table lists all external resources that are required by Trivy:

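Review bot: the rewritten opening sentence ("Trivy requires internet connectivity in order to function normally.") is immediately qualified by the next sentence, which says the document covers restricted and fully air-gapped setups; "By default, Trivy requires internet connectivity ..." removes the apparent contradiction without changing the meaning.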
Expand Down Expand Up @@ -47,7 +47,7 @@ Checks Bundle is embedded in the Trivy binary (at build time), and will be used

### Connectivity Requirements

VEX Hub is hosted as at <https://github.com/aquasecurity/vexhub>.
VEX Hub is hosted at <https://github.com/aquasecurity/vexhub>.

Trivy is fetching VEX Hub GitHub Repository directly using simple HTTPS requests.

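Review bot: the unchanged context line after the fix, "Trivy is fetching VEX Hub GitHub Repository directly using simple HTTPS requests.", has the same kind of grammar problem this PR is fixing; suggest "Trivy fetches the VEX Hub GitHub repository directly over plain HTTPS." while the section is open.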
Expand All @@ -64,7 +64,7 @@ You can host a copy of VEX Hub on your own internal server. Please refer to the

## Maven Central / Remote Repositories

Trivy might call out to Maven central or other remote repositories to fetch in order to correctly identify Java packages during a vulnerability scan.
Trivy might call out to Maven Central or other remote repositories in order to correctly identify Java packages during a vulnerability scan.

### Connectivity requirements

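Review bot: heading capitalization is inconsistent within the same file: this hunk's "### Connectivity requirements" versus "### Connectivity Requirements" in the VEX Hub section above. Pick one form for both while the file is being tidied.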
10 changes: 5 additions & 5 deletions docs/docs/compliance/compliance.md
Expand Up @@ -12,12 +12,12 @@ Compliance report is currently supported in the following targets (trivy sub-com
- `trivy image`
- `trivy k8s`

Add the `--compliance` flag to the command line, and set it's value to desired report.
Add the `--compliance` flag to the command line, and set its value to the desired report.
For example: `trivy k8s cluster --compliance k8s-nsa` (see below for built-in and custom reports)

### Options

The following flags are compatible with `--compliance` flag and allows customizing it's output:
The following flags are compatible with the `--compliance` flag and allow customizing its output:

| flag | effect |
|--------------------|--------------------------------------------------------------------------------------|
Expand All @@ -28,8 +28,8 @@ The following flags are compatible with `--compliance` flag and allows customizi

## Built-in compliance

Trivy has a number of built-in compliance reports that you can asses right out of the box.
to specify a built-in compliance report, select it by ID like `trivy --compliance <compliance_id>`.
Trivy has a number of built-in compliance reports that you can assess right out of the box.
To specify a built-in compliance report, select it by ID like `trivy --compliance <compliance_id>`.

For the list of built-in compliance reports, please see the relevant section:

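Review bot: the corrected sentence gives `trivy --compliance <compliance_id>` as the way to select a built-in report, but the first hunk in this file says `--compliance` is supported on the `trivy image` and `trivy k8s` targets, and its own example is `trivy k8s cluster --compliance k8s-nsa`; show the flag on a target (for example `trivy k8s --compliance <compliance_id>`) so the snippet is something a reader can actually run.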
Expand Down Expand Up @@ -264,7 +264,7 @@ You can create your own custom compliance report. A compliance report is a simpl

```yaml
spec:
id: "k8s-myreport" # report unique identifier. this should not container spaces.
id: "k8s-myreport" # report unique identifier. this should not contain spaces.
title: "My custom Kubernetes report" # report title. Any one-line title.
description: "Describe your report" # description of the report. Any text.
relatedResources :
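Review bot: the context line `relatedResources :` has a stray space before the colon; YAML tolerates it, but it is inconsistent with `id:`, `title:` and `description:` in the same block and looks like a typo sitting next to the one being fixed. Remove the space in this pass.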
2 changes: 1 addition & 1 deletion docs/docs/configuration/cache.md
Expand Up @@ -86,7 +86,7 @@ If you want to use TLS with Redis, you can enable it by specifying the `--redis-
$ trivy server --cache-backend redis://localhost:6379 --redis-tls
```

Trivy also supports for connecting to Redis with your certificates.
Trivy also supports connecting to Redis with your certificates.
You need to specify `--redis-ca` , `--redis-cert` , and `--redis-key` options.

```
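Review bot: the unchanged line following the fix has spaces before the commas (`--redis-ca` , `--redis-cert` , and `--redis-key`); since this sentence pair is being edited for style, drop them so the option list reads `--redis-ca`, `--redis-cert`, and `--redis-key`.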
6 changes: 3 additions & 3 deletions docs/docs/configuration/db.md
Expand Up @@ -62,7 +62,7 @@ For example:
trivy image --db-repository registry.gitlab.com/gitlab-org/security-products/dependencies/trivy-db alpine
```

The flags accepts multiple values, which can be used to specify multiple alternative repository locations. In case of a transient errors (e.g. status 429 or 5xx), Trivy will fall back to alternative registries in the order specified.
The flag accepts multiple values, which can be used to specify multiple alternative repository locations. In case of transient errors (e.g. status 429 or 5xx), Trivy will fall back to alternative registries in the order specified.

For example:

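Review bot: the corrected sentence says fallback happens "in case of transient errors (e.g. status 429 or 5xx)" but not what happens otherwise; a reader will want to know whether a 401, 403 or 404 from the first repository stops the scan or moves on to the next one. One clause either way would close the gap.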
Expand All @@ -72,8 +72,8 @@ trivy image --db-repository my.registry.local/trivy-db --db-repository registry.

The Checks Bundle registry location option does not support fallback through multiple options. This is because in case of a failure pulling the Checks Bundle, Trivy will use the embedded checks as a fallback.

!!! note
Setting the repository location flags override the default values which include the official db locations. In case you want to preserve the default locations, you should include them in the list the you set as repository locations.
!!! note
Setting the repository location flags overrides the default values which include the official db locations. In case you want to preserve the default locations, you should include them in the list you set as repository locations.

!!!note
When pulling `trivy-db` or `trivy-java-db`, if image tag is not specified, Trivy defaults to the db schema number instead of the `latest` tag.
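Review bot: the admonition syntax is inconsistent in this hunk: the edited block uses `!!! note` while the following one uses `!!!note`. Normalize to `!!! note` (with the space) in both places while here. The rewritten text ("Setting the repository location flags overrides the default values ...") reads correctly.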
2 changes: 1 addition & 1 deletion docs/docs/configuration/index.md
Expand Up @@ -9,7 +9,7 @@ Trivy's settings can be configured in any of the following methods, which will a
You can view the list of available flags by adding the `--help` flag to a Trivy command, or by exploring the [CLI reference](../references/configuration/cli/trivy.md).

## Environment Variables
Any CLI option can be set as an environment variable. The environment variable name are similar to the CLI option name, with the following augmentations:
Any CLI option can be set as an environment variable. The environment variable names are similar to the CLI option names, with the following augmentations:

- Add `TRIVY_` prefix
- All uppercase letters
2 changes: 1 addition & 1 deletion docs/docs/references/troubleshooting.md
Expand Up @@ -10,7 +10,7 @@
analyze error: timeout: context deadline exceeded
```

Your scan may time out. Java takes a particularly long time to scan. Try increasing the value of the ---timeout option such as `--timeout 15m`.
Your scan may time out. Java takes a particularly long time to scan. Try increasing the value of the `--timeout` option such as `--timeout 15m`.

### Unable to initialize an image scanner

8 changes: 4 additions & 4 deletions docs/docs/scanner/license.md
Expand Up @@ -2,7 +2,7 @@

Trivy scans any container image for license files and offers an opinionated view on the risk associated with the license.

License are classified using the [Google License Classification][google-license-classification] -
Licenses are classified using the [Google License Classification][google-license-classification] -

- Forbidden
- Restricted
Expand Down Expand Up @@ -33,7 +33,7 @@ To configure the confidence level, you can use `--license-confidence-level`. Thi
| Standard | ✅ | ✅ | ✅[^1][^2] | ✅[^1][^2] | ✅ |
| Full (--license-full) | ✅ | ✅ | ✅ | ✅ | - |

License checking classifies the identified licenses and map the classification to severity.
License checking classifies the identified licenses and maps the classification to severity.

| Classification | Severity |
| -------------- | -------- |
Expand Down Expand Up @@ -136,7 +136,7 @@ Total: 6 (UNKNOWN: 4, HIGH: 0, CRITICAL: 2)

## Configuration

Trivy has number of configuration flags for use with license scanning;
Trivy has a number of configuration flags for use with license scanning:

### Ignored Licenses

Expand Down Expand Up @@ -353,7 +353,7 @@ license:
- "text://Text of Apache Software Foundation License"
```

But a text license can by large. So for these cases Trivy supports using `regex` in license classification.
But a text license can be large. So for these cases, Trivy supports using `regex` in license classification.
For example:
```yaml
license:
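Review bot: the rewritten pair "But a text license can be large. So for these cases, Trivy supports using `regex` in license classification." still opens with a dangling "But"; fold it into one sentence, for example "A license text can be long, so for these cases Trivy also supports `regex` in license classification."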
2 changes: 1 addition & 1 deletion docs/docs/scanner/misconfiguration/index.md
Expand Up @@ -312,7 +312,7 @@ Failures: 2 (MEDIUM: 2, HIGH: 0, CRITICAL: 0)
```

## External connectivity
Trivy needs to connect to the internet to download the checks bundle. If you are running Trivy in an air-gapped environment, or an tightly controlled network, please refer to the [Advanced Network Scenarios document](../../advanced/air-gap.md).
Trivy needs to connect to the internet to download the checks bundle. If you are running Trivy in an air-gapped environment, or a tightly controlled network, please refer to the [Advanced Network Scenarios document](../../advanced/air-gap.md).

## Configuration
More misconfiguration scanning specific configurations can be found [here](../misconfiguration/config/config.md).
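Review bot: the rewritten sentence "Trivy needs to connect to the internet to download the checks bundle" overstates the requirement relative to the other files in this PR: the air-gap hunk says the Checks Bundle is embedded in the Trivy binary at build time, and the db.md hunk says Trivy uses the embedded checks as a fallback when pulling the bundle fails. Suggest "Trivy connects to the internet to download the latest checks bundle; if it cannot, it falls back to the checks embedded in the binary." so the three pages agree.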
4 changes: 2 additions & 2 deletions docs/docs/scanner/secret.md
@@ -1,6 +1,6 @@
# Secret Scanning

Trivy scans any container image, filesystem and git repository to detect exposed secrets like passwords, api keys, and tokens.
Trivy scans any container image, filesystem, and git repository to detect exposed secrets like passwords, API keys, and tokens.
Secret scanning is enabled by default.

Trivy will scan every plaintext file, according to builtin rules or configuration. Also, Trivy can detect secrets in compiled Python files (`.pyc`).
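Review bot: the context line right after the fix spells "builtin rules" while the second hunk in this file uses "[built-in allowed paths]"; use "built-in" in both places for consistency.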
Expand Down Expand Up @@ -233,7 +233,7 @@ disable-allow-rules:

## Recommendation
We would recommend specifying `--skip-dirs` for faster secret scanning.
In container image scanning, Trivy walks the file tree rooted `/` and scans all the files other than [built-in allowed paths][builtin-allow].
In container image scanning, Trivy walks the file tree rooted at `/` and scans all the files other than [built-in allowed paths][builtin-allow].
It will take a while if your image contains a lot of files even though Trivy tries to avoid scanning layers from a base image.
If you want to make scanning faster, `--skip-dirs` and `--skip-files` helps so that Trivy will skip scanning those files and directories.
You can see more options [here](../configuration/others.md).
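Review bot: the unchanged line after the fix has a subject/verb mismatch that belongs in this typo pass: "`--skip-dirs` and `--skip-files` helps so that Trivy will skip ..." should be "help". The opening "We would recommend specifying `--skip-dirs`" can also simply be "We recommend".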
4 changes: 2 additions & 2 deletions docs/docs/target/container_image.md
Expand Up @@ -238,7 +238,7 @@ search in Containerd. If the image is not found there either, the scan will
fail and no more image sources will be searched.

### Docker Engine
Trivy tries to looks for the specified image in your local Docker Engine.
Trivy tries to look for the specified image in your local Docker Engine.
It will be skipped if Docker Engine is not running locally.

If your docker socket is not the default path, you can override it via `DOCKER_HOST`.
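Review bot: "Trivy tries to look for the specified image" is still doubled up after the fix; "Trivy looks for the specified image in your local Docker Engine." is enough. The same phrase is corrected the same way in the containerd section in the next hunk, so both should get the shorter form.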
Expand All @@ -248,7 +248,7 @@ If your docker socket is not the default path, you can override it via `DOCKER_H
!!! warning "EXPERIMENTAL"
This feature might change without preserving backwards compatibility.

Trivy tries to looks for the specified image in your local [containerd](https://containerd.io/).
Trivy tries to look for the specified image in your local [containerd](https://containerd.io/).
It will be skipped if containerd is not running locally.

Specify your image name in containerd running locally.
2 changes: 1 addition & 1 deletion docs/docs/target/kubernetes.md
Expand Up @@ -39,7 +39,7 @@ trivy k8s --report summary
```

!!! note "JSON result for multi-container pods"
For multi-container pods, it may be challenging to associate results with specific images in the json summary report. Kubernetes treats a pod as a single object, so individual images within the pod arent distinguished.
For multi-container pods, it may be challenging to associate results with specific images in the JSON summary report. Kubernetes treats a pod as a single object, so individual images within the pod aren't distinguished.
For detailed information, please use the `--report all` option.

By default Trivy will look for a [`kubeconfig` configuration file in the default location](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/), and use the default cluster that is specified.
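Review bot: the context line "By default Trivy will look for a kubeconfig ... and use the default cluster that is specified." mixes up the kubeconfig vocabulary: what gets used is the cluster selected by the file's current context. Suggest "and use the cluster selected by the current context" while this paragraph is open. The JSON and "aren't" fixes in the note block are fine.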
8 changes: 4 additions & 4 deletions docs/getting-started/index.md
Expand Up @@ -9,7 +9,7 @@ Trivy is available in most common distribution channels. The complete list of in
- Download binary from [GitHub Release](https://github.com/aquasecurity/trivy/releases/latest/)
- See [Installation](./installation.md) for more

Trivy is integrated with many popular platforms and applications. The complete list of integrations is available in the [Ecosystem](../ecosystem/index.md) page. Here are a few popular options examples:
Trivy is integrated with many popular platforms and applications. The complete list of integrations is available in the [Ecosystem](../ecosystem/index.md) page. Here are a few popular examples:

- [GitHub Actions](https://github.com/aquasecurity/trivy-action)
- [Kubernetes operator](https://github.com/aquasecurity/trivy-operator)
Expand All @@ -26,7 +26,7 @@ trivy <target> [--scanners <scanner1,scanner2>] <subject>

### Examples

Scan a container image from registry, with the default scanner which is Vulnerabilities scanner:
Scan a container image from a registry with the default scanner, which is the Vulnerabilities scanner:

```bash
trivy image python:3.4-alpine
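Review bot: the example `trivy image python:3.4-alpine` directly under the corrected sentence scans a Python release that reached end of life in 2019; a getting-started example should target a currently supported tag so readers do not copy an obsolete image into their own pipelines.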
Expand Down Expand Up @@ -58,10 +58,10 @@ For a more complete introduction, check out the basic Trivy Demo: <https://githu

## Learn more

Now that you up and ready, here are some resources to help you deepen your knowledge:
Now that you are up and ready, here are some resources to help you deepen your knowledge:

- Learn more about Trivy's capabilities by exploring the complete [documentation](../docs/index.md).
- Explore community questions and under [GitHub Discussions](https://github.com/aquasecurity/trivy/discussions).
- Explore community questions under [GitHub Discussions](https://github.com/aquasecurity/trivy/discussions).
- Stay up to date by watching for [New Releases & Announcements](https://github.com/aquasecurity/trivy/discussions/categories/announcements).
- Follow Trivy on Twitter/X: [@aquatrivy](https://x.com/aquatrivy)
- Explore and subscribe to our YouTube channel [@AquaSecOSS](http://youtube.com/@aquasecoss)
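Review bot: the last unchanged line in this hunk links the YouTube channel over plain `http://` (`http://youtube.com/@aquasecoss`) while every other link in the list uses `https://`; switch it to `https://` in this pass.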
2 changes: 1 addition & 1 deletion docs/getting-started/signature-verification.md
Expand Up @@ -31,7 +31,7 @@ Download the required tarball, associated signature and certificate files from t
Use the following command for keyless verification:

```shell
cosign verify-blob <path to binray> \
cosign verify-blob <path to binary> \
--certificate <path to cert> \
--signature <path to sig> \
--certificate-identity-regexp 'https://github\.com/aquasecurity/trivy/\.github/workflows/.+' \
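Review bot: the `--certificate-identity-regexp 'https://github\.com/aquasecurity/trivy/\.github/workflows/.+'` context line under the corrected `cosign verify-blob` command accepts a certificate issued to any workflow file and any ref in the repository, not only the one that produced the release, and the pattern is not anchored with `^` and `$`. The binary-name typo fix is fine, but while this block is being touched it is worth either narrowing the pattern to the release workflow and tag refs, or adding a sentence saying that the broad match is intentional.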
4 changes: 2 additions & 2 deletions docs/tutorials/overview.md
Expand Up @@ -6,8 +6,8 @@ In this section you can find step-by-step guides that help you accomplish specif

## Adding tutorials

You are welcome to create tutorials and showcase them here. Tutorials can be either included in here as full articles, or included as external links under [external community resources][community-resources].
Before sending PR, please first create an issue (of kind "Documentation") and describe the suggestion, if it's external link or article, and what category it's under.
You are welcome to create tutorials and showcase them here. Tutorials can be either included in here as full articles, or included as external links under [external community resources][community-resources].
Before sending a PR, please first create an issue (of kind "Documentation") and describe the suggestion, whether it's an external link or article, and what category it's under.

Guidelines:

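Review bot: the first pair of lines in this hunk is identical before and after, so that change is whitespace only and should be called out in the PR description; and since the line is being touched, "Tutorials can be either included in here as full articles" reads better as "Tutorials can either be included here as full articles". The "Before sending a PR ... whether it's an external link or article" rewrite is good.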
2 changes: 1 addition & 1 deletion helm/trivy/README.md
Expand Up @@ -103,7 +103,7 @@ $ helm install my-release . \

## Storage

This chart uses a PersistentVolumeClaim to reduce the number of database downloads between POD restarts or updates. The storageclass should have the reclaim policy `Retain`.
This chart uses a PersistentVolumeClaim to reduce the number of database downloads between POD restarts or updates. The storageclass should have the reclaim policy `Retain`.

## Caching

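Review bot: the changed line is visually identical before and after (a whitespace fix), and it keeps two spellings worth correcting in the same pass: "POD" should be "Pod" and "storageclass" should be "StorageClass", matching the Kubernetes resource names. It would also help to state the reason for the `Retain` recommendation (a `Retain` reclaim policy keeps the volume, and with it the downloaded database, when the claim is deleted), since the sentence currently gives the rule without the why.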
4 changes: 2 additions & 2 deletions pkg/iac/scanners/helm/test/mysql/README.md
Expand Up @@ -2,12 +2,12 @@

# MySQL packaged by Bitnami

MySQL is a fast, reliable, scalable, and easy to use open source relational database system. Designed to handle mission-critical, heavy-load production applications.
MySQL is a fast, reliable, scalable, and easy-to-use open source relational database system designed to handle mission-critical, heavy-load production applications.

[Overview of MySQL](http://www.mysql.com)

Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.

## TL;DR

```bash
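Review bot: this file is a test fixture (a vendored Bitnami chart README under `pkg/iac/scanners/helm/test/mysql/`), not project documentation; rewording it creates a diff from upstream for no user-visible benefit and will need redoing whenever the fixture is refreshed. Suggest dropping this file from the PR. If it stays, the `[Overview of MySQL](http://www.mysql.com)` context line uses plain `http://` and could be updated alongside.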