Container Image Scans
The container image running inside the "sandbox solution" (Docker, Podman or Lima) needs to be protected:
- Coding practices
- Dockerfile security guidelines
- Software dependencies
- Bundled Linux packages versions
- etc.
TL;DR: This page is about container image vulnerability scans. Those vulnerabilities are usually related to software libraries.
Trivy from Aqua Security is a decent tool for finding container image vulnerabilities.
Another tool is needed to balance the information reported (or missed) by Trivy.
- There might be vulnerabilities not found by Trivy, due to removing data used in "marker files"
- The container image is trimmed to be as small as possible, which might expose limitations of a few basic scanners
  - Scanners might try looking at files that have been deleted
  - Scanners might try invoking commands that have been removed from the filesystem
Below is an example of how Trivy can be run.
podman run docker.io/aquasec/trivy image docker.io/uycyjnzgntrn/entrusted_container:0.2.5 > scan.log
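One way to check a report for the blind spots listed above, as an added example that is not part of the Entrusted project: it assumes the scan was rerun with Trivy's `--format json` option and flags reports where no OS or OS package result was detected. The report contents, image name and CVE identifiers below are constructed, and `review` is a hypothetical helper name.

```python
import json
from collections import Counter

# Constructed sample shaped like `trivy image --format json` output (not a real scan).
SAMPLE_REPORT = json.loads("""
{
  "ArtifactName": "example.invalid/app:placeholder",
  "Metadata": {},
  "Results": [
    {"Target": "usr/local/bin/app", "Class": "lang-pkgs", "Type": "gobinary",
     "Vulnerabilities": [
       {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libfoo",
        "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1", "Severity": "HIGH"},
       {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libbar",
        "InstalledVersion": "2.3.0", "Severity": "LOW"}
     ]}
  ]
}
""")


def review(report):
    """Return (severity counts, fixable IDs, coverage warnings) for one report."""
    results = report.get("Results") or []
    counts, fixable, warnings = Counter(), [], []
    for res in results:
        for vuln in res.get("Vulnerabilities") or []:
            counts[vuln.get("Severity", "UNKNOWN")] += 1
            if vuln.get("FixedVersion"):  # an upgrade that resolves it exists
                fixable.append(vuln["VulnerabilityID"])
    # Assumption: Metadata.OS is missing when the scanner could not identify the
    # distribution, e.g. because the package database was trimmed from the image.
    if not (report.get("Metadata") or {}).get("OS"):
        warnings.append("no OS detected: OS package findings are absent, not zero")
    if not any(r.get("Class") == "os-pkgs" for r in results):
        warnings.append("no os-pkgs result: cross-check with a second scanner")
    return counts, sorted(fixable), warnings


if __name__ == "__main__":
    counts, fixable, warnings = review(SAMPLE_REPORT)
    print(dict(counts), fixable, warnings)
```

A report that produces warnings should be read as "not scanned" for the affected package class rather than "no vulnerabilities".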
Between each release, dated vulnerability assessments will be performed against the Entrusted container image.
The results will be published on this page in the assessments section.
The report below was generated on 2024-01-30 with Trivy.
entrusted_container_0.3.2.20240130.log
The report below was generated on 2023-08-26 with Trivy.
entrusted_container_0.3.1.20230826.log
The report below was generated on 2022-12-21 with Trivy.
entrusted_container_0.3.0.20221221.log
The report below was generated on 2022-11-22 with Trivy.
entrusted_container_0.2.6.20221122.log
The report below was generated on 2022-10-25 with Trivy.