Trivy for docker image scanning

  We have seen a lot of security scanning tools like Black Duck, Fortify, SonarQube etc. These tools scan source code and the built binaries, and within their respective feature sets they do a good job. But in an industry where we ship solutions as containers bundled with those binaries, it is valuable to have a tool that scans the final product. That is what Trivy, an open source project developed by Aqua Security, offers. I think it is a brilliant little tool that scans a Docker image for security issues for free! So what does it scan? It scans the operating system packages in the base image that support your application, and the application's own dependencies. It also scans for misconfigurations and secrets. The only thing it lacks is a dashboard like SonarQube or Black Duck have, but it generates text and JSON reports that can be used to build dashboards in Grafana or Superset. Operating System Libraries : Trivy scans the base image and a...
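The excerpt above says Trivy's JSON report can feed a dashboard; the script below is an added example (not code from the post or from the Trivy project) of what you do with that report after running something like `trivy image --format json --output report.json <image>`. It reads a report, counts findings per scanner class (OS packages, language packages, misconfigurations, secrets) and severity, and turns the summary into a simple CI gate. The embedded report is a constructed sample laid out the way Trivy's JSON output is structured (an `ArtifactName` and a list of `Results`, each with a `Class` and its findings); the image name, package names, CVE and rule IDs in it are placeholders, not real findings.

```python
"""Summarise a Trivy JSON report for a dashboard and a CI gate (added example)."""
import json
import sys
from collections import Counter

# Constructed sample shaped like Trivy's JSON report. Every ID, package and
# version here is a placeholder; none refers to a real vulnerability.
SAMPLE_REPORT = json.loads(r"""
{
  "SchemaVersion": 2,
  "ArtifactName": "example.local/app:1.0",
  "ArtifactType": "container_image",
  "Results": [
    {"Target": "example.local/app:1.0 (debian 12.0)", "Class": "os-pkgs", "Type": "debian",
     "Vulnerabilities": [
       {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample1",
        "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "HIGH"},
       {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libexample2",
        "InstalledVersion": "2.3", "FixedVersion": "", "Severity": "CRITICAL"},
       {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libexample1",
        "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "LOW"}]},
    {"Target": "app/requirements.txt", "Class": "lang-pkgs", "Type": "pip",
     "Vulnerabilities": [
       {"VulnerabilityID": "CVE-0000-0004", "PkgName": "examplelib",
        "InstalledVersion": "0.9.0", "FixedVersion": "1.0.0", "Severity": "MEDIUM"}]},
    {"Target": "Dockerfile", "Class": "config", "Type": "dockerfile",
     "Misconfigurations": [
       {"ID": "DS-PLACEHOLDER-1", "Title": "Image runs as root", "Severity": "HIGH", "Status": "FAIL"},
       {"ID": "DS-PLACEHOLDER-2", "Title": "No HEALTHCHECK", "Severity": "LOW", "Status": "FAIL"}]},
    {"Target": "app/config.py", "Class": "secret",
     "Secrets": [
       {"RuleID": "placeholder-cloud-key", "Title": "Cloud access key", "Severity": "CRITICAL"}]}
  ]
}
""")


def summarise(report):
    """Count findings per class and severity; the result is plain dicts, so it
    serialises straight to JSON for Grafana/Superset ingestion."""
    summary = {
        "image": report.get("ArtifactName"),
        "vulns_by_class": {},              # "os-pkgs"/"lang-pkgs" -> Counter by severity
        "misconfig_failures": Counter(),   # only Status == "FAIL" counts
        "secrets": Counter(),
        "fixable": 0,                      # vulnerabilities with a FixedVersion available
    }
    for result in report.get("Results", []):
        cls = result.get("Class", "unknown")
        for vuln in result.get("Vulnerabilities") or []:
            sev = vuln.get("Severity", "UNKNOWN")
            summary["vulns_by_class"].setdefault(cls, Counter())[sev] += 1
            if vuln.get("FixedVersion"):
                summary["fixable"] += 1
        for mis in result.get("Misconfigurations") or []:
            if mis.get("Status") == "FAIL":
                summary["misconfig_failures"][mis.get("Severity", "UNKNOWN")] += 1
        for sec in result.get("Secrets") or []:
            summary["secrets"][sec.get("Severity", "UNKNOWN")] += 1
    return summary


def gate(summary, fail_on=("CRITICAL", "HIGH")):
    """Return the reasons an image should not ship (empty list means it passes).
    Any secret fails the build regardless of its severity label."""
    reasons = []
    label = "/".join(fail_on)
    for cls, counts in summary["vulns_by_class"].items():
        n = sum(counts[s] for s in fail_on)
        if n:
            reasons.append(f"{n} {label} vulnerabilities in {cls}")
    n = sum(summary["misconfig_failures"][s] for s in fail_on)
    if n:
        reasons.append(f"{n} {label} misconfiguration failures")
    n = sum(summary["secrets"].values())
    if n:
        reasons.append(f"{n} secrets found")
    return reasons


def load_report(path):
    """Load a report written by `trivy image --format json --output <path> <image>`."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


if __name__ == "__main__":
    report = load_report(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_REPORT
    result = summarise(report)
    print(json.dumps(result, indent=2))
    problems = gate(result)
    for reason in problems:
        print("FAIL:", reason)
    sys.exit(1 if problems else 0)
```

Run it with a real report path to gate a pipeline, or with no argument to see the constructed sample fail on the CRITICAL/HIGH package findings, the HIGH misconfiguration and the secret. The `fixable` count is the number a dashboard should highlight first: findings with no `FixedVersion` cannot be closed by a base-image bump, so they need a mitigation or an accepted-risk entry instead.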