It's worth noting that whilst vulnerability scanners are very useful, they pretty easy to bypass, if someone creates an image and doesn't want them to flag things up.
Security Scanners are not supposed to be defensive tools -- they flag what they can find; evaluating the quality of the resources is still the responsibility of the user