<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Working with Container Image Scanners on</title><link>https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/working-with-scanners/</link><description>Recent content in Working with Container Image Scanners on</description><generator>Hugo -- gohugo.io</generator><language>en-US</language><lastBuildDate>Mon, 17 Jun 2024 08:49:15 +0000</lastBuildDate><atom:link href="https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/working-with-scanners/index.xml" rel="self" type="application/rss+xml"/><item><title>False Positives and False Negatives with Container Image Scanners</title><link>https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/working-with-scanners/false-results/</link><pubDate>Thu, 14 Sep 2023 16:59:04 +0000</pubDate><guid>https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/working-with-scanners/false-results/</guid><description>A vulnerability scanner is a tool that analyzes your software components and reports any CVEs it finds. Using a vulnerability scanner to find CVEs that impact your system is a critical step in software vulnerability remediation, but as you begin to triage scanner-reported vulnerabilities, you may find that your scanner&amp;rsquo;s results are not perfectly accurate.
The goal of a vulnerability scanner is to identify the vulnerabilities that impact your container images, which can be considered true positive vulnerabilities.</description></item><item><title>Using Grype to Scan Software Artifacts</title><link>https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/working-with-scanners/grype-tutorial/</link><pubDate>Thu, 06 Jun 2024 20:00:00 +0200</pubDate><guid>https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/working-with-scanners/grype-tutorial/</guid><description>Grype is a vulnerability scanner for container images and filesystems developed and maintained by Anchore and written in the Go programming language. Grype can scan from Docker, OCI, Singularity, Podman, image archives, and local directories. Grype is compatible with SBOMs generated by Syft, and Grype&amp;rsquo;s vulnerability database draws from a wide variety of sources.
Grype is appropriate both for one-off detection during manual CVE mitigation and for automated use in CI pipelines.</description></item><item><title>Using Trivy to Scan Software Artifacts</title><link>https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/working-with-scanners/trivy-tutorial/</link><pubDate>Wed, 03 Jul 2024 20:00:00 +0200</pubDate><guid>https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/working-with-scanners/trivy-tutorial/</guid><description>Trivy is a vulnerability scanner for a wide variety of software artifacts and deployments. Trivy is written in the Go programming language and is maintained by Aqua Security. Trivy targets container images, VMs, filesystems, remote GitHub repositories, and Kubernetes and Amazon Web Services deployments. The tool can be used to detect known vulnerabilities (CVEs), generate SBOMs, analyze licenses, and scan for misconfigurations and exposed secrets. Trivy can be installed from package managers or as a binary, and can also be run as a container image.</description></item></channel></rss>