Community References

Below is a list of additional resources from the community.

Vulnerability Scanning

• Detecting Spring4Shell with Trivy and Grype
• Scan OS of your EC2 instances with Trivy

CI/CD Pipelines

• How to use Tekton to set up a CI pipeline with OpenShift Pipelines
• Continuous Container Vulnerability Testing with Trivy
• Getting Started With Trivy and Jenkins
• How to use Tekton to set up a CI pipeline with OpenShift Pipelines

Misconfiguration Scanning

• Identifying Misconfigurations in your Terraform
• How to write custom checks for Trivy

SBOM, Attestation & related

• Attesting Image Scans With Kyverno

Trivy Kubernetes

• Using Trivy Kubernetes in OVHCloud documentation.

Comparisons

• the vulnerability remediation lifecycle of Alpine containers
• Open Source CVE Scanner Round-Up: Clair vs Anchore vs Trivy
• Docker Image Security: Static Analysis Tool Comparison – Anchore Engine vs Clair vs Trivy

Evaluations

• Istio evaluating to use Trivy
• Research Spike: evaluate Trivy for scanning running containers