AI security
Prompt injection, embedding leakage, agent over-privilege, MCP server hardening, AI taint flow, AIBOM. Trivy doesn't scan any of these.
Compare · Nox + Trivy
Nox + Trivy: coexist, don't replace.
Trivy is the container scanner most teams already run. Nox covers what Trivy doesn't: AI security families, broader IaC, AIBOM, cross-file taint, and a cosign-signed plugin marketplace. The right answer is to run both — Trivy for image layers, Nox for everything else.
Capability map
Trivy feature → Nox equivalent
| Trivy | Nox | Notes |
|---|---|---|
| Container image scanning | core CONT-* + nox/container (22 rules) | Trivy still leads here; pair them |
| Filesystem scanning | core (160 secrets, 369 IaC, 21 AI, 12 PII) | Nox covers more rule families per pass |
| IaC scanning | 369 rules: TF, K8s, Dockerfile, GHA, Ansible, Kustomize, Serverless | Broader than Trivy IaC |
| SBOM (CycloneDX/SPDX) | CycloneDX + SPDX + AIBOM v2.0 | Nox adds AIBOM (AI components) |
| Vulnerability database | OSV.dev | Trivy uses Aqua + GHSA + Red Hat. Trivy DB more comprehensive for CVEs |
| AI security | first-class — LLM01/06/07 + MCP + cross-file AI taint | Trivy has no AI security coverage |
| SAST | core SEC-* + nox/sast | Trivy SAST is basic; Nox covers more vuln classes |
| Plugin model | cosign-signed marketplace, manifest-driven | Trivy plugins exist but no signing model |
| MCP / agent integration | native (10 read-only tools) | Trivy has no agent surface |
| Pricing | $0, Apache 2.0 | Trivy free, Aqua paid tier exists |
Why add Nox
What Nox covers that Trivy doesn't
Broader IaC + SAST in one pass
Trivy excels at images. Nox covers IaC, SAST, secrets, AI security, and dependencies in a single deterministic scan with 717 rules.
Cosign-signed plugin marketplace
Every official plugin verified via Sigstore keyless OIDC. Trivy has plugins but no supply-chain integrity model.
Manifest-driven plugins (.nox.yaml)
Pin a verified plugin set per repo. Anyone cloning gets the same scanners on first run.
Keep Trivy where it shines
Trivy strengths to preserve
Container scanning depth
Trivy is mature for layer-by-layer image scanning. If you scan production container images, keep Trivy as the image scanner.
Vulnerability research
Aqua's CVE database integrates GHSA, NVD, Red Hat, Alpine, Debian, Ubuntu, Amazon Linux, Wolfi, etc. Nox uses OSV (good but narrower). For container CVE coverage, Trivy still wins.
Established CI presence
Trivy is a default in many GitHub Actions / GitLab CI templates. Don't rip it out — let Nox cover the layers Trivy doesn't.
Recommended stack
Run Nox + Trivy in CI
# .github/workflows/security.yml — Nox + Trivy together
- name: Trivy (container)
uses: aquasecurity/trivy-action@v0.x.x
with:
image-ref: ghcr.io/myorg/myapp:latest
format: sarif
output: trivy.sarif
- name: Nox (everything else)
uses: nox-hq/nox@v0.9.5
with:
path: '.'
format: sarif
annotate: 'true'
- uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif