SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers

Aqua Security unveils Trivy Partner Connect to boost open source

Mon, 7th Jul 2025

Aqua Security has announced the launch of the Trivy Partner Connect programme to foster the commercial ecosystem supporting Trivy, its open source security scanner.

Trivy is widely deployed by developers and security teams for vulnerability and misconfiguration scanning, accumulating over 100 million annual downloads and millions of active monthly users. The new partner programme introduces a structured path for commercial vendors to build, integrate, and collaborate around Trivy's capabilities.

Programme structure

Trivy Partner Connect offers three levels of partnership: Certified, Core, and Advisor. Certified partners integrate directly with Trivy and meet trademark and marketing standards. The Core tier involves deeper engineering collaboration and influence on the product's roadmap. Advisor partners contribute vulnerability data or enrichment services, supporting broader security coverage for the community.

The programme is designed to support both OEM partners—who embed Trivy in their own solutions—and ecosystem partners, who build complementary products and integrations. OEM partners can leverage Trivy's detection capabilities, including vulnerability scanning, misconfiguration discovery, secrets detection, license checks, and software bill of materials (SBOM) creation. Commercial licensing, technical validation, priority support, and collaboration opportunities are highlighted as core benefits.

Ecosystem partners are able to access Trivy's large open source user base, integrate seamlessly into enterprise environments, and participate in joint marketing efforts. The collaboration aims to ensure that partners' solutions are tested for interoperability and aligned with the ongoing development of Trivy.

"Trivy Partner Connect represents our commitment to the millions of developers and security teams who rely on Trivy around the world every day," said Itay Shakury, VP of Open Source at Aqua Security. "For our global community of users, this programme ensures continued investment in reliability and cutting-edge capabilities they've come to expect from the world's most popular security scanner. For our partners, Partner Connect provides a path to influence the roadmap, access priority support, and reach Trivy's massive global user base. Together, we're not just building an open source tool, we're building a more secure future."

Early partners and user benefits

The first two members of Trivy Partner Connect are Echo and Minimus, both offering secure-by-design container images to the Trivy user community. Echo provides base images that are vulnerability-free, automatically patched, hardened, and validated for Federal Information Processing Standards (FIPS). These images are intended for straightforward adoption within enterprise environments and are compatible with existing operating systems and security scanners such as Trivy.

Eilon Elhadad, CEO and Co-Founder of Echo, commented on Echo's participation in the programme, saying, "Echo is built for enterprise teams ready to tackle the underlying cause of vulnerability management, rather than simply treating its symptoms. Through AI agents, we deliver CVE-free images that are built clean and kept clean. Joining Trivy Partner Connect allows us to amplify our impact, reach security-conscious users globally through the tool they already use, and enable engineers to focus on revenue-driving development rather than trying to fix vulnerabilities in code they didn't even write."

Minimus delivers container and virtual machine images aimed at reducing Common Vulnerabilities and Exposures (CVEs) by 95% compared with standard images. These images are rebuilt daily for security and include application-specific hardening, real-time exploit intelligence, and support for FIPS and Security Technical Implementation Guide (STIG) workloads.

John Morello, CTO and Co-Founder of Minimus, said, "Trivy has earned enormous trust in the open source community. By partnering with Trivy, we're making it easier than ever to eliminate vulnerabilities at the earliest stages of development. As a Trivy Connect partner, we can reach that audience with a shared mission of eliminating vulnerabilities before they exist. The radical reduction in CVEs Minimus images provide, combined with Trivy's comprehensive container visibility, radically accelerates detection and remediation for security and development teams."

Community and development impact

Trivy's open approach remains unchanged, with users able to access its vulnerability and misconfiguration scanning capabilities in the same manner as before. The addition of commercial partners is intended to accelerate innovation while expanding coverage across supported platforms and integrations. Companies contributing via the partner programme gain the ability to influence product direction while reinforcing Trivy's open source foundation.

Aqua Security is aiming to strengthen long-term open source sustainability through this programme by supporting collaborative development and providing clarity on commercial licensing for all partners.

"This programme represents our commitment to sustainable open source development," said Itay. "By creating structured commercial partnerships, we can accelerate Trivy's capabilities while ensuring the health and growth of our community."

The Trivy Partner Connect programme is positioned as open and continually expanding, with Aqua Security inviting further organisations to join as contributors, partners, or service providers within the initiative.