https://vo.rs/tags/vulnerability-scanning/Vulnerability-Scanning - Tag - vo.rsHugo -- gohugo.ioenThis work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.Tue, 25 Jun 2024 09:00:00 +0000https://vo.rs/story/trivy-and-container-scanning-finding-vulnerabilities-before-they-find-you/<p>Every Docker image you pull is a tarball of someone else&rsquo;s decisions. That base image you chose two years ago because the tutorial used it? It&rsquo;s carrying an OpenSSL with a known hole, a libc with a CVE, and three system packages you&rsquo;ve never heard of, one of which has a remote code execution bug filed against it. You didn&rsquo;t write any of that. You&rsquo;re still running it.</p> <p>Container scanning is the unglamorous practice of finding out what&rsquo;s actually inside your images before an attacker does. And the tool I reach for first, every time, is <strong>Trivy</strong> — partly because it&rsquo;s genuinely good, and partly because it&rsquo;s free, fast, and doesn&rsquo;t try to drag me into a sales call.</p>Tue, 25 Jun 2024 09:00:00 +0000