Bernard Pietraga

Scan Docker container images without logging into any solution


Sometimes you want a quick check for CVEs in a Docker image. You are on some Linux machine and don't want to use docker scan, which is based on Snyk and requires a login. In that case you can use Trivy. It is free and licensed under Apache 2.0. Additionally, the tool works with Terraform code and the Linux OS. It will not give you 100% of the information about all the issues, but it is a good starting point.

trivy image alpine:latest

Another option is anchore/grype. It provides similar functionality for scanning containers. If the image was created using a multilayer build, this tool provides a way to check all the layers.

grype debian:stable --scope all-layers
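Since neither scanner reports everything, it is useful to run both on the same image and look at where they disagree. The script below is an added example, not part of the original post: it parses the JSON reports of both tools and lists findings seen by both or by only one. The embedded reports and the CVE ids in them are constructed placeholders, not real scan output.

```python
import json

# Constructed sample reports. Real ones come from:
#   trivy image --format json alpine:latest
#   grype alpine:latest -o json
TRIVY_JSON = """{"Results": [
 {"Target": "alpine:latest (alpine)", "Vulnerabilities": [
  {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libssl3",
   "InstalledVersion": "3.1.0-r0", "FixedVersion": "3.1.1-r0", "Severity": "HIGH"},
  {"VulnerabilityID": "CVE-0000-0002", "PkgName": "busybox",
   "InstalledVersion": "1.36.0-r0", "FixedVersion": "", "Severity": "MEDIUM"}]},
 {"Target": "app/requirements.txt"}]}"""
GRYPE_JSON = """{"matches": [
 {"vulnerability": {"id": "CVE-0000-0001", "severity": "High",
                    "fix": {"versions": ["3.1.1-r0"]}},
  "artifact": {"name": "libssl3", "version": "3.1.0-r0"}},
 {"vulnerability": {"id": "CVE-0000-0003", "severity": "Critical",
                    "fix": {"versions": []}},
  "artifact": {"name": "zlib", "version": "1.2.13-r0"}}]}"""

def from_trivy(text):
    """Map (cve, package) -> (severity, first fixed version or None)."""
    found = {}
    for result in json.loads(text).get("Results") or []:
        # A clean target carries no "Vulnerabilities" key at all.
        for v in result.get("Vulnerabilities") or []:
            found[(v["VulnerabilityID"], v["PkgName"])] = (
                v.get("Severity", "UNKNOWN").upper(), v.get("FixedVersion") or None)
    return found

def from_grype(text):
    """Same mapping, built from grype's "matches" list."""
    found = {}
    for m in json.loads(text).get("matches") or []:
        vuln = m["vulnerability"]
        fixes = (vuln.get("fix") or {}).get("versions") or []
        found[(vuln["id"], m["artifact"]["name"])] = (
            vuln.get("severity", "Unknown").upper(), fixes[0] if fixes else None)
    return found

def compare(trivy, grype):
    """Split findings into those both tools agree on and those only one reports."""
    return {"both": sorted(trivy.keys() & grype.keys()),
            "trivy_only": sorted(trivy.keys() - grype.keys()),
            "grype_only": sorted(grype.keys() - trivy.keys())}

if __name__ == "__main__":
    for group, items in compare(from_trivy(TRIVY_JSON), from_grype(GRYPE_JSON)).items():
        print(group, items)
```

Findings that appear under only one tool are the ones worth checking by hand before treating the image as clean.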