pacificclimate / pdp

The PCIC Data Portal - Server software to run the entire web application
GNU General Public License v3.0
Use Snyk #216

Closed nikola-rados closed 3 years ago

nikola-rados commented 3 years ago

Currently we are using Anchore + GitHub Actions to handle our image scanning. While this is okay, we may have a better option in Snyk. This tool not only provides better filtering for vulns, but also gives suggestions for fixes. The only drawback is that the Snyk free tier only provides 200 tests per month. They do seem to count these tests rather lightly (I have done about 20 runs of Snyk that have yet to be tallied), so perhaps there is some wiggle room. Either way, we want to try this tool out here while there is some action!