Collection of Container Vulnerability Scans of Common Images Using Different Scanners

VexStore/image_scan_reports

WTF is This?

This is a collection of container vulnerability scans of top official Docker images using different vulnerability scanners like snyk, grype and trivy.

The idea is to drive home the point that there are discrepancies between the scanners. The next step is to understand why these arise.

How To Run?

Prerequisites

Behind the scenes this script uses vimp, so make sure it is installed (see the installation guide).

The scanners need to be installed too.

Simply run the command:

python main.py

This will start the scanning process for all the images specified in main.py. You can edit it to change the images you want to scan.

The raw scans of each tool are saved in their respective directories, e.g. ./grype, ./snyk, etc.

You can find the vimp sqlite DB at ~/.vimp.db.
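To see the discrepancies directly from the raw reports, the following added example (not part of this repository or of vimp) extracts vulnerability IDs from each scanner's JSON and reports what all scanners agree on and what only one of them found. It assumes the raw scans are each tool's standard JSON output; the sample reports and their IDs are constructed placeholders, and the function names are hypothetical.

```python
import json

# Constructed sample reports (not real scan output), trimmed to the fields read below.
GRYPE = json.loads('''{"matches": [
  {"vulnerability": {"id": "CVE-0000-0001"}},
  {"vulnerability": {"id": "CVE-0000-0002"}}]}''')
TRIVY = json.loads('''{"Results": [
  {"Target": "os", "Vulnerabilities": [{"VulnerabilityID": "CVE-0000-0002"},
                                        {"VulnerabilityID": "CVE-0000-0003"}]},
  {"Target": "app", "Vulnerabilities": null}]}''')
SNYK = json.loads('''{"vulnerabilities": [
  {"id": "SNYK-EXAMPLE-1", "identifiers": {"CVE": ["CVE-0000-0002"]}},
  {"id": "SNYK-EXAMPLE-2", "identifiers": {"CVE": []}}]}''')

def grype_ids(report):
    return {m["vulnerability"]["id"] for m in report.get("matches") or []}

def trivy_ids(report):
    ids = set()
    for result in report.get("Results") or []:
        # Trivy omits or nulls "Vulnerabilities" for targets with no findings.
        for v in result.get("Vulnerabilities") or []:
            ids.add(v["VulnerabilityID"])
    return ids

def snyk_ids(report):
    ids = set()
    for v in report.get("vulnerabilities") or []:
        # Fall back to the Snyk id when no CVE is assigned, so the finding is not lost.
        ids.update(v.get("identifiers", {}).get("CVE") or [v["id"]])
    return ids

def compare(findings):
    """findings: scanner name -> set of ids. Returns (common, unique per scanner)."""
    common = set.intersection(*findings.values())
    unique = {}
    for name, ids in findings.items():
        others = set().union(*(s for n, s in findings.items() if n != name))
        unique[name] = ids - others
    return common, unique

if __name__ == "__main__":
    common, unique = compare({"grype": grype_ids(GRYPE),
                              "trivy": trivy_ids(TRIVY),
                              "snyk": snyk_ids(SNYK)})
    print("reported by all:", sorted(common))
    for name, ids in unique.items():
        print(f"only {name}:", sorted(ids))
```

Scanners do not always name the same issue with the same identifier (a vendor or advisory ID in one report, a CVE in another), so a raw set difference like this is an upper bound on real disagreement.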