Technology Radar
This item was not updated in the last three versions of the Radar. Should it have appeared in one of the more recent editions, there is a good chance it remains pertinent. However, if the item dates back further, its relevance may have diminished and our current evaluation could vary. Regrettably, our capacity to consistently revisit items from past Radar editions is limited.
Adopt

Trivy is an open-source vulnerability scanner for containers and other targets. It utilizes an extensive vulnerability database to scan for CVEs, software dependencies in use and common misconfigurations.

Trivy is lightweight and has no external dependencies, making it suitable for use in CI/CD pipelines. Additionally, it can support developers by providing actionable remediation advice, making it easier to fix vulnerabilities.
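As an added illustration (not code from the Radar entry or from the Trivy project), the sketch below shows one way a pipeline step could consume a report written by `trivy image --format json` and turn it into a build decision plus upgrade advice. The sample report, its placeholder CVE ids and the policy of failing only on HIGH/CRITICAL findings that already have a fixed version are assumptions made for the example.

```python
import json

# Constructed sample in the shape of `trivy image --format json` output
# (CVE ids, packages and versions are placeholders, not real findings).
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "example.invalid/app:1.0",
    "Results": [
        {"Target": "example.invalid/app:1.0 (alpine 3.18)", "Type": "alpine",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
              "InstalledVersion": "1.2.0", "FixedVersion": "1.2.3", "Severity": "CRITICAL"},
             {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
              "InstalledVersion": "4.0.1", "FixedVersion": "", "Severity": "HIGH"},
             {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libminor",
              "InstalledVersion": "0.9", "FixedVersion": "1.0", "Severity": "LOW"}]},
        # A target with no findings may carry no "Vulnerabilities" list.
        {"Target": "app/requirements.txt", "Type": "pip"},
    ],
})

BLOCKING = {"HIGH", "CRITICAL"}  # assumed policy, adjust per project

def triage(report_json, blocking=BLOCKING):
    """Split blocking-severity findings into fixable and unfixable lists."""
    report = json.loads(report_json)
    fixable, unfixable = [], []
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            if vuln.get("Severity", "UNKNOWN") not in blocking:
                continue
            item = (vuln["VulnerabilityID"], vuln["PkgName"],
                    vuln.get("InstalledVersion", ""), vuln.get("FixedVersion", ""))
            # An empty or missing FixedVersion means no upgrade is available yet.
            (fixable if item[3] else unfixable).append(item)
    return fixable, unfixable

def gate(report_json):
    """Return a CI exit code: 1 if any blocking finding has a fix, else 0."""
    fixable, unfixable = triage(report_json)
    for vid, pkg, installed, fixed in fixable:
        print(f"FAIL {vid}: upgrade {pkg} {installed} -> {fixed}")
    for vid, pkg, installed, _ in unfixable:
        print(f"WARN {vid}: {pkg} {installed} has no fixed version yet")
    return 1 if fixable else 0

if __name__ == "__main__":
    raise SystemExit(gate(SAMPLE_REPORT))
```

Findings without a fixed version are reported as warnings rather than build failures, so developers are only blocked on issues they can act on.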

As it has proven to be a good fit for both our needs and our development pipelines, we strongly recommend giving it a try in your own projects.