Sometimes you want a quick check for any CVE in the Docker image. You are in some Linux machine. You don’t want to use
docker scan which is based on Snyk and requires login. Well, you can use the Trivy. It is free, has Apache 2.0 License. Additionally, the tool works with the Terraform code and Linux os. It is not a check providing 100% information about all the issues but a good starting point.
trivy image alpine:latest
Another option is to use the achore/grype. It provides similar functionality covering the scanning of the containers. if the image is created using a multilayer build this tool provides a way to check all the layers.
grype debian:stable --scope all-layers