all InfoSec news
Best vulnerability scanner for DevOps
May 19, 2023, 11:38 p.m. | /u/Complex_Argument_940
cybersecurity www.reddit.com
I am new to Reddit and also to the DevSecOps concept.
I am looking for recommendations to scan Docker images in CI/CD pipelines. I have looked at following OSS projects:
* Trivy ([https://github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy))
* Grype ([https://github.com/anchore/grype](https://github.com/anchore/grype))
* Snyk ([https://docs.snyk.io/integrations/ci-cd-integrations/github-actions-integration/snyk-docker-action](https://docs.snyk.io/integrations/ci-cd-integrations/github-actions-integration/snyk-docker-action))
However I see that all of them show different sets of vulnerabilities and not sure how to reconcile the security threat, without spending too much time on it.
We are mostly a Go and NPM shop and thats what …
concept cybersecurity devops devsecops docker hey images oss pipelines projects recommendations reddit scan scanner security security threat spending threat vulnerabilities vulnerability vulnerability scanner
More from www.reddit.com / cybersecurity
Jobs in InfoSec / Cybersecurity
Information Technology Specialist II: Network Architect
@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA
Cybersecurity Skills Challenge -- Sponsored by DoD
@ Correlation One | United States
Security Operations Center (SOC) Analyst
@ GK Cybersecurity Group | Remote
Cyber Threat Defense - PAM Manager
@ PwC | Amsterdam - Thomas R. Malthusstraat 5
InfoSec Specialist
@ Deutsche Bank | Bucharest
DevSecOps Engineer
@ Swiss Re | Bengaluru, KA, IN