Hacker News
by sprt 2011 days ago
Was looking into this yesterday as I have a bunch of containers running on my media server. Found this tool: https://github.com/aquasecurity/trivy which allows you to easily scan your images for vulns. Anyone have other recs?
3 comments

Anchore provides Grype https://github.com/anchore/grype
Nice. I like the (shortest) output of this one better. And as opposed to trivy, it was able to detect the packages (and 1 vuln) in ghcr.io/linuxserver/swag.
There is also Clair. https://github.com/quay/clair
Looks like a very good tool!

Shame it doesn't support Fedora. I'll definitely be checking it out.