wagoodman / dive

A tool for exploring each layer in a docker image
MIT License
44.55k stars 1.69k forks

Can we do docker layer wise scan for vulnerability detection #465

Closed suhalvemu closed 10 months ago

suhalvemu commented 11 months ago

What would you like to be added: At each layer, if there are any vulnerabilities present at the time of scanning, we can show/display the CVE IDs for better vulnerability detection.

Why is this needed: It gives the health of the image and helps us with better information in vulnerability scanning.

Additional context:

ecki commented 11 months ago

hm, don't think dive has a CVE scanner? Anyway, what you ask for is implemented in trivy and docker scout.

suhalvemu commented 10 months ago

Actually Trivy does not support layer-wise scanning. I am not sure about docker scout. But since we are able to show what is present in the layers of docker, can we integrate trivy and provide a feature for showing CVEs at each layer?
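What the requested per-layer CVE view could look like, as an added example that is not part of this issue thread or of dive's or trivy's code. It assumes a scanner JSON report in which each finding carries the DiffID of the layer that introduced it (the report below is constructed, with placeholder CVE IDs), and optionally takes the layer order as dive lists it so that clean layers still show up:

```python
import json
from collections import defaultdict

# Constructed sample report; the shape (Results -> Vulnerabilities -> Layer.DiffID)
# is an assumption about the scanner output, and all values are made up.
SAMPLE_REPORT = json.dumps({"Results": [{"Target": "example:latest", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libssl3", "InstalledVersion": "3.1.0-r0",
     "Severity": "HIGH", "Layer": {"DiffID": "sha256:aaaa"}},
    {"VulnerabilityID": "CVE-0000-0002", "PkgName": "busybox", "InstalledVersion": "1.36.0-r0",
     "Severity": "MEDIUM", "Layer": {"DiffID": "sha256:aaaa"}},
    {"VulnerabilityID": "CVE-0000-0003", "PkgName": "curl", "InstalledVersion": "8.1.0-r0",
     "Severity": "CRITICAL", "Layer": {"DiffID": "sha256:bbbb"}},
]}]})

SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "UNKNOWN": 4}


def findings_by_layer(report_json, layer_order=()):
    """Group findings as {layer_diff_id: [(cve, package, version, severity), ...]}.

    Layers named in layer_order (e.g. the list dive shows) come first, in that
    order, and appear even when they have no findings; findings whose layer is
    missing from the report are filed under "unknown". Each list is sorted most
    severe first so the top entry is the layer's worst finding."""
    by_layer = defaultdict(list)
    for layer in layer_order:
        by_layer[layer]  # materialise the key so clean layers are reported too
    for result in json.loads(report_json).get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            layer = (vuln.get("Layer") or {}).get("DiffID", "unknown")
            by_layer[layer].append((vuln["VulnerabilityID"], vuln.get("PkgName", "?"),
                                    vuln.get("InstalledVersion", "?"),
                                    vuln.get("Severity", "UNKNOWN")))
    for findings in by_layer.values():
        findings.sort(key=lambda f: (SEVERITY_RANK.get(f[3], 4), f[0]))
    return dict(by_layer)


def worst_severity(findings):
    """Highest severity in one layer's findings, or "NONE" for a clean layer."""
    return min((f[3] for f in findings), key=lambda s: SEVERITY_RANK.get(s, 4), default="NONE")


def render(by_layer):
    """Plain-text per-layer summary in the spirit of the requested dive view."""
    lines = []
    for layer, findings in by_layer.items():
        lines.append(f"layer {layer}: {len(findings)} finding(s), worst {worst_severity(findings)}")
        lines.extend(f"  {sev:<8} {cve} {pkg} {ver}" for cve, pkg, ver, sev in findings)
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(findings_by_layer(SAMPLE_REPORT, ["sha256:cccc", "sha256:bbbb", "sha256:aaaa"])))
```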

ecki commented 10 months ago

Scout has layer scanning. The problem is not the layers, the problem is the scanning. You would need the logic to detect packages and, even worse, you need a useful CVE database. I think that is not in the scope of dive, but I could be wrong :)

suhalvemu commented 10 months ago

makes sense.