Scanning for application level packages

aquasecurity / microscanner

Scan your container images for package vulnerabilities with Aqua Security

859 stars 108 forks source link

Scanning for application level packages #22

Closed Avni-Sharma closed 5 years ago

Avni-Sharma commented 5 years ago

I saw that the microscanner has support for OS level packages. Does it also have support for application level packages. For example flask is a package for pypi ecosystem. So does it scan for this as well, or is there a future possibility to do the same.

elsmorian commented 5 years ago

@Avni-Sharma I believe it does not but I could well be wrong, I'm not a part of this project, just a user! We currently use Safety ( https://pyup.io/safety/ ) for testing our Python packages though I will admit our testing pipeline needs a bit of work so there may be better options out there!

jerbia commented 5 years ago

@Avni-Sharma community MicroScanner only supports the OS packages. The readme specifies "package vulnerabilities" so we should probably update this to "OS package vulnerabilities".