Community References
Below is a list of additional resources from the community.
Vulnderability Scanning
CI/CD Pipelines
- How to use Tekton to set up a CI pipeline with OpenShift Pipelines
- Continuous Container Vulnerability Testing with Trivy
- Getting Started With Trivy and Jenkins
- How to use Tekton to set up a CI pipeline with OpenShift Pipelines
Misconfiguration Scanning
SBOM, Attestation & related
Trivy Kubernetes
Comparisons
- the vulnerability remediation lifecycle of Alpine containers
- Open Source CVE Scanner Round-Up: Clair vs Anchore vs Trivy
- Docker Image Security: Static Analysis Tool Comparison – Anchore Engine vs Clair vs Trivy