# OpenCLI Agent Pack: Trivy

Use this when an AI agent needs to work with `trivy`.

## What this CLI is for
The official CLI from Aqua Security. Image scanning, vulns, and iac checks from the terminal. Supports structured output — good for scripts and agents.

Best for: image scanning, vulns, and iac checks from the terminal.

## Agent readiness
Great for agents (75/100)
- Structured output is available for parsing.
- Supports non-interactive/scripted use.
- Works well in CI or repeatable automation.

## Install
```sh
brew install trivy
```

## Verify before real work
```sh
trivy --version
```
Expected signal: trivy responds locally and is ready for the first real command.

## Safe starting commands
```sh
trivy --version
```

```sh
trivy image node:20
```

## Guardrails for agents
- Run the verify command first.
- Summarize findings before taking actions with side effects.

## Suggested agent instruction
You may use Trivy (`trivy`) for image scanning, vulns, and iac checks from the terminal.. First install it if missing, then run the verify command. Start with read-only or inspection commands. Summarize what you found before changing anything. Ask for confirmation before commands that mutate remote state, spend money, deploy, delete data, merge code, or expose secrets.

Source: OpenCLI