Last updated: Oct 28, 2020
NOT ON THE CURRENT EDITION
This blip is not on the current edition of the Radar. If it was on one of the last few editions, it is likely that it is still relevant. If the blip is older, it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the Radar.
Oct 2020
Adopt: We feel strongly that the industry should be adopting these items. We use them when appropriate on our projects.

Build pipelines that create and deploy containers should include container security scanning. Our teams particularly like Trivy, a vulnerability scanner for containers. We've tried Clair and Anchore Engine among other good tools in this field. Unlike Clair, Trivy checks not only containers but also dependencies in the codebase. Because Trivy ships as a stand-alone binary, it is also easier to set up and to run the scan locally. Other benefits of Trivy are that it's open-source software and that it supports distroless containers.
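A pipeline gate of the kind described above, as an added example that is not part of the Radar text or Trivy's own code: it reads a report written by `trivy image --format json` and fails the stage on HIGH or CRITICAL findings that have a fix available. The blocking policy, the function names and the sample report (with placeholder IDs) are assumptions made for illustration; both the current `Results` wrapper and the bare-list layout of older Trivy releases are accepted.

```python
import json
import sys

BLOCKING = {"HIGH", "CRITICAL"}  # assumed policy, not taken from the page

# Constructed sample report with placeholder IDs, shaped like Trivy's JSON output.
SAMPLE_REPORT = json.dumps({"Results": [
    {"Target": "app:latest (alpine)", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "openssl",
         "FixedVersion": "1.1.1b", "Severity": "CRITICAL"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "busybox",
         "FixedVersion": "", "Severity": "HIGH"}]},
    {"Target": "package-lock.json", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0003", "PkgName": "lodash",
         "FixedVersion": "4.17.21", "Severity": "LOW"}]},
    {"Target": "Gemfile.lock"},  # clean targets carry no Vulnerabilities key
]})

def blocking_findings(report_text, ignore_unfixed=True):
    """Return (target, id, package, fixed_version) for each blocking finding."""
    doc = json.loads(report_text)
    # Older releases emit a bare list of results; newer ones wrap it in "Results".
    results = doc if isinstance(doc, list) else (doc.get("Results") or [])
    found = []
    for result in results:
        # "Vulnerabilities" may be missing or null when a target is clean.
        for vuln in result.get("Vulnerabilities") or []:
            if str(vuln.get("Severity", "")).upper() not in BLOCKING:
                continue
            if ignore_unfixed and not vuln.get("FixedVersion"):
                continue  # nothing to upgrade to yet; report elsewhere, don't block
            found.append((result.get("Target", "?"), vuln.get("VulnerabilityID"),
                          vuln.get("PkgName"), vuln.get("FixedVersion", "")))
    return found

def gate(report_text, ignore_unfixed=True):
    """Return the exit code for the pipeline stage: 1 blocks, 0 passes."""
    findings = blocking_findings(report_text, ignore_unfixed)
    for target, vuln_id, pkg, fixed in findings:
        print(f"BLOCK {target}: {vuln_id} in {pkg} (fixed in {fixed or 'n/a'})")
    return 1 if findings else 0

if __name__ == "__main__":
    # Usage: python gate.py report.json   (falls back to the constructed sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    sys.exit(gate(text))
```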

Nov 2019
Trial: Worth pursuing. It is important to understand how to build up this capability. Enterprises should try this technology on a project that can handle the risk.

Build pipelines that create and deploy containers should include container security scanning. Our teams particularly like Trivy, a vulnerability scanner for containers, because it ships as a stand-alone binary, which makes it easier to set up than other tools. Other benefits of Trivy are that it's open-source software and that it supports distroless containers.

Published: Nov 20, 2019
