Trivy
(tri
pronounced like trigger, vy
pronounced like envy) is a simple and comprehensive vulnerability scanner for containers. Trivy
detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn etc.).
It is considered to be used in CI. Before pushing to a container registry, you can scan your local container image easily.
Takže pokud to s kontejnarizací myslíte vážně a aspň trochu se obáváte o svou síťovou bezpečnost, pak Trivy, pro svou jednoduchost a CI podporu, by vás nemělo minout.