There are a lot of container scanning tools: Trivy, Clair, Grype, docker-scan and more.

But which one should you use? If you host your container images on AWS ECR, you will know that ECR has in-repository scanning, both basic and advanced; the advanced scanning scans both OS and app packages.

But the advanced scanning isn't free; it's paid. I also read that AWS ECR uses Clair within their advanced scanning tool.

So I tested Trivy, Grype and the AWS ECR in-repo advanced scan, and here are the results.

AWS ECR Advanced scan

Grype Scan

Trivy Scan

Trivy OS Scan

Trivy App Scan

And here is the final result: we can see that Grype performed better than Trivy. I didn't have the chance to test with Clair.
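One way to compare two scanners' reports finding by finding rather than by totals, as an added example that is not part of the original post. The sample reports are constructed with placeholder IDs, the function names are hypothetical, and the field names follow the JSON output of `trivy image --format json` and `grype <image> -o json`.

```python
import json

# Constructed, trimmed reports (placeholder IDs), shaped like
# `trivy image --format json` and `grype <image> -o json` output.
TRIVY = json.loads("""{"Results": [
 {"Target": "demo (debian)", "Vulnerabilities": [
  {"VulnerabilityID": "CVE-0000-0001", "PkgName": "openssl", "InstalledVersion": "3.0.11", "Severity": "HIGH"},
  {"VulnerabilityID": "CVE-0000-0002", "PkgName": "zlib1g", "InstalledVersion": "1.2.13", "Severity": "LOW"}]},
 {"Target": "requirements.txt", "Vulnerabilities": [
  {"VulnerabilityID": "CVE-0000-0003", "PkgName": "flask", "InstalledVersion": "2.0.0", "Severity": "CRITICAL"}]},
 {"Target": "package-lock.json"}]}""")
GRYPE = json.loads("""{"matches": [
 {"vulnerability": {"id": "CVE-0000-0001", "severity": "High"},
  "relatedVulnerabilities": [], "artifact": {"name": "openssl", "version": "3.0.11"}},
 {"vulnerability": {"id": "GHSA-xxxx-xxxx-xxxx", "severity": "Critical"},
  "relatedVulnerabilities": [{"id": "CVE-0000-0003"}], "artifact": {"name": "flask", "version": "2.0.0"}},
 {"vulnerability": {"id": "CVE-0000-0004", "severity": "Medium"},
  "relatedVulnerabilities": [], "artifact": {"name": "curl", "version": "7.88.1"}}]}""")


def trivy_findings(report):
    """Map (vuln id, package, version) -> severity for a Trivy JSON report."""
    found = {}
    for result in report.get("Results") or []:
        # Targets with no findings omit the key or set it to null.
        for v in result.get("Vulnerabilities") or []:
            key = (v["VulnerabilityID"], v["PkgName"], v["InstalledVersion"])
            found[key] = v.get("Severity", "UNKNOWN").upper()
    return found


def grype_findings(report):
    """Same mapping for a Grype JSON report, preferring a CVE alias over a GHSA id."""
    found = {}
    for m in report.get("matches") or []:
        ids = [m["vulnerability"]["id"]] + [r["id"] for r in m.get("relatedVulnerabilities") or []]
        vid = next((i for i in ids if i.startswith("CVE-")), ids[0])
        art = m["artifact"]
        found[(vid, art["name"], art["version"])] = m["vulnerability"].get("severity", "Unknown").upper()
    return found


def compare(a, b):
    """Split findings into those both scanners report and those only one reports."""
    return {"both": sorted(a.keys() & b.keys()),
            "only_a": sorted(a.keys() - b.keys()),
            "only_b": sorted(b.keys() - a.keys())}


if __name__ == "__main__":
    for bucket, keys in compare(trivy_findings(TRIVY), grype_findings(GRYPE)).items():
        print(bucket, keys)
```

Keying on the vulnerability ID plus package and version keeps the same CVE in two different packages from collapsing into one finding, and the alias step stops a GHSA-versus-CVE naming difference from counting as a disagreement.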