A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI.
It is intended for use in CI: before pushing to a container registry, you can easily scan your local container image.
Most of my Docker images are Alpine-based. Trivy uses better vulnerability data for Alpine than Clair does.
This can easily be plugged into your CI/CD pipeline. In the scenario where we allow the pipeline to fail, the objective here is to provide visibility.
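
A scan step of the kind described above, as an added example that is not from the original page: it scans the local image before `docker push` and, by default, reports findings without failing the job, so the scan gives visibility rather than acting as a hard gate. The `SCAN_ENFORCE` variable, the function names and the image name passed in are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Added example: Trivy scan step for a CI job, run before the image is pushed.
# SCAN_ENFORCE and the function names are hypothetical, not part of Trivy.

# Scan a local image and return trivy's own exit status.
# --exit-code 1 makes trivy exit non-zero when findings match --severity.
scan_image() {
  local image="$1" severity="${2:-HIGH,CRITICAL}"
  trivy image --exit-code 1 --severity "$severity" --no-progress "$image"
}

# Run the scan and always print a verdict. The job only fails when
# SCAN_ENFORCE=1; the default is report-only (visibility).
scan_gate() {
  local image="$1" status=0
  scan_image "$image" || status=$?
  if [ "$status" -eq 0 ]; then
    echo "scan: no HIGH/CRITICAL findings in $image"
    return 0
  fi
  # A non-zero status means findings were reported or the scan itself failed.
  echo "scan: trivy exited $status for $image (findings or scan error)" >&2
  if [ "${SCAN_ENFORCE:-0}" = "1" ]; then
    return "$status"
  fi
  echo "scan: report-only mode, not failing the job" >&2
  return 0
}

# Scan first, push second, so an unscanned image never reaches the registry.
scan_then_push() {
  local image="$1"
  scan_gate "$image" || return $?
  docker push "$image"
}

# Usage in a CI step: ./scan_then_push.sh registry.example.com/app:tag
if [ "$#" -gt 0 ]; then
  scan_then_push "$1"
fi
```

Setting `SCAN_ENFORCE=1` on a protected branch turns the same step into a blocking gate without changing the script.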