May 19, 2023, 11:38 p.m. | /u/Complex_Argument_940


Hey guys!

I am new to Reddit and also to the DevSecOps concept.

I am looking for recommendations to scan Docker images in CI/CD pipelines. I have looked at following OSS projects:

* Trivy ([](
* Grype ([](
* Snyk ([](

However I see that all of them show different sets of vulnerabilities and not sure how to reconcile the security threat, without spending too much time on it.
We are mostly a Go and NPM shop and thats what …

concept cybersecurity devops devsecops docker hey images oss pipelines projects recommendations reddit scan scanner security security threat spending threat vulnerabilities vulnerability vulnerability scanner

Toronto Transit Commission (TTC) - Chief Information Security Officer (CISO)

@ BIPOC Executive Search Inc. | Toronto, Ontario, Canada

Unit Manager for Cyber Security Culture & Competence

@ H&M Group | Stockholm, Sweden

Junior Security Engineer

@ Pipedrive | Tallinn, Estonia

Splunk Engineer (TS/SCI)

@ GuidePoint Security LLC | Huntsville, AL

DevSecOps Engineer, SRE (Top Secret) - 1537

@ Reinventing Geospatial (RGi) | Herndon, VA

Governance, Risk and Compliance (GRC) Lead

@ Leidos | Brisbane, Australia