Container Security Scanning Cheat Sheet

Vulnerability checks and SBOMs

Last Updated: November 21, 2025

Focus Areas

Scan images against vulnerability feeds
Generate SBOMs and store them with artifacts

Commands & Queries

trivy image my-app:latest
    Run vulnerability scan
grype my-app:latest
    Alternative scanner
syft my-app:latest -o json > sbom.json
    Produce SBOM

Summary

Automate scanning, keep SBOMs versioned, and block builds on high severity issues.

💡 Pro Tip: Fail builds on critical CVEs and refresh scanners monthly.
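
A CI gate combining the scan and SBOM steps above, as an added example that is not part of the original cheat sheet. The function names scan_gate and sbom_path, the SBOM_DIR layout, and HIGH,CRITICAL as the blocking threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: block a build on HIGH/CRITICAL findings, then store a
# versioned SBOM. SBOM_DIR, sbom_path and scan_gate are hypothetical names.
SBOM_DIR="${SBOM_DIR:-sbom}"

# sbom_path IMAGE: print where the SBOM for a name:tag reference is stored,
# e.g. my-app:1.4.2 -> sbom/my-app/1.4.2.json (digest references not handled).
sbom_path() {
    image="$1"
    last="${image##*/}"   # last path segment, so a registry port is not read as a tag
    case "$last" in
        *:*) name="${image%:*}"; tag="${last##*:}" ;;
        *)   name="$image"; tag="latest" ;;
    esac
    printf '%s/%s/%s.json\n' "$SBOM_DIR" "$name" "$tag"
}

# scan_gate IMAGE: return 1 if the scan blocks the build, 2 if SBOM
# generation fails; on success print the SBOM path and return 0.
scan_gate() {
    image="$1"
    # --exit-code 1 makes trivy exit non-zero when findings match --severity.
    # Scanner errors also exit non-zero, so the gate fails closed.
    if ! trivy image --exit-code 1 --severity HIGH,CRITICAL "$image"; then
        echo "BLOCKED: $image failed the HIGH/CRITICAL gate" >&2
        return 1
    fi
    out="$(sbom_path "$image")"
    mkdir -p "$(dirname "$out")"
    # Write to a temp file first so a failed run never leaves a partial SBOM.
    if syft "$image" -o json > "$out.tmp"; then
        mv "$out.tmp" "$out"
    else
        rm -f "$out.tmp"
        echo "ERROR: SBOM generation failed for $image" >&2
        return 2
    fi
    echo "$out"
}

# Run as a script: ./scan_gate.sh my-app:1.4.2
if [ "$#" -gt 0 ]; then
    scan_gate "$1"
fi
```

Commit or upload the resulting SBOM_DIR tree alongside the build artifact so each image tag keeps its own SBOM.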