Safeguard
Container Security

OSS container image scanning tools compared

Trivy finds CVEs fast and free. Safeguard compares how each handles fleet-wide inventory, triage, policy enforcement, and audit evidence at scale.

Karan Patel
Cloud Security Engineer
7 min read

If you've searched for open source container image scanning tools, Trivy from Aqua Security has almost certainly shown up first. It's fast, free, and genuinely good at finding known CVEs in container layers. But running trivy image against a registry is a very different problem than running a container security program across a fleet of services, dozens of repositories, and a compliance audit that wants proof, not just output.

This post compares Trivy, the open source scanner, against Safeguard, a software supply chain security platform, on the dimensions that actually matter once scanning stops being a one-off CLI command and becomes an operational requirement: scope of what gets scanned, how results get triaged and tracked over time, how policy gets enforced in CI/CD, and what a compliance team can actually point to during an audit. We're not going to invent numbers or pricing for Aqua's commercial tier — where we're unsure, we describe what Safeguard does instead of guessing about a competitor's roadmap.

What does Trivy actually scan, and where does that leave gaps?

Trivy is a genuinely broad open source scanner. It covers container images, filesystems, git repositories, Kubernetes manifests, Infrastructure-as-Code (Terraform, CloudFormation, Dockerfiles), and can detect known CVEs, exposed secrets, misconfigurations, and software licenses. That breadth is a real strength and one reason it's become a default choice embedded in tools like GitHub Actions, GitLab, and various CI runners.

The gap isn't scanning depth — it's what happens after the scan runs. Trivy outputs a report (JSON, SARIF, table, etc.) per invocation. It does not, on its own, maintain a persistent inventory of every image across every repo and registry in an org, track whether a previously-flagged CVE has been remediated, or correlate findings across builds over time. Each trivy image run is scoped to that run. Aggregating results into a fleet-wide view requires wiring Trivy's output into a separate system — a SIEM, a data warehouse, or a custom dashboard someone on the team has to build and maintain.

Safeguard is built around the assumption that scanning is a means to an end, not the deliverable. Every scan result lands in a persistent asset inventory tied to the image, the repository, and the pipeline that produced it, so the question "is this CVE still open in production" has a direct answer without re-running anything or stitching together logs.

How do the two handle vulnerability triage and noise?

Any scanner that checks images against CVE databases (NVD, vendor advisories, distro trackers) will surface a large number of findings, and a meaningful share of those are not exploitable in the specific runtime context — a vulnerable library that's never invoked, or a CVE in a package that's present but unreachable. Trivy itself has added features over time to reduce false positives, including checking whether a vulnerable Go binary function is actually called, but ambiguity resolution and prioritization judgment calls are largely left to whoever reads the report.

Safeguard's approach centers on giving findings context before a human has to make a judgment call: severity is combined with reachability and asset criticality signals so a team can triage the 20 findings that matter out of the 400 that were flagged, rather than working a flat CVSS-sorted list. That triage state — accepted risk, false positive, remediation in progress — persists against the finding, so the same CVE doesn't get re-litigated on every subsequent scan of the same image.

Who owns enforcement in CI/CD?

Trivy is straightforward to drop into a pipeline: it's a single binary or container image, and its exit-code behavior can fail a build when findings above a chosen severity threshold are present. That's exactly what a lot of teams need, and it works well as a gate.

Where it stops is the org-wide policy layer. Trivy's severity thresholds and ignore-file exceptions (.trivyignore) are configured per repository, per pipeline. Keeping that consistent across fifty services means either a shared config template that teams remember to adopt, or accepting that each team's gate looks a little different. There's no built-in central policy engine that says "this rule applies everywhere unless explicitly exempted, and here's who approved the exemption."

Safeguard treats policy as an org-level object: a rule (e.g., no critical CVEs with a known exploit in production images) is defined once and applied across every connected repository and pipeline, with exceptions requiring an explicit, logged approval rather than a local config file edit. That distinction matters most exactly when it's least visible day-to-day — during an audit, or during an incident retrospective where someone needs to know why a vulnerable image shipped.

What does an auditor actually get from each tool?

This is one of the more concrete, verifiable differences. Trivy will generate an SBOM (CycloneDX or SPDX) and a vulnerability report per scan. Both are useful audit inputs. But Trivy does not track approval workflows, retain historical scan results as a queryable system of record, or map findings to compliance frameworks like SOC 2 or ISO 27001 — that mapping and retention work has to be built by the team using it, typically by piping Trivy's JSON output into another system.

Safeguard is built to produce that audit trail as a byproduct of normal use: control mappings, historical evidence of when a finding was detected and when it was resolved, and exportable reports formatted for an assessor rather than a raw JSON blob. For a team whose primary pain point is "we can scan, but we can't prove our process to an auditor," that's the gap being closed.

Does self-hosting the scanner change the risk calculus?

Trivy runs entirely in your own environment — no data leaves your infrastructure to invoke it, which is a fair and accurate advantage of a local open source CLI tool. That's worth acknowledging plainly rather than downplaying it.

The tradeoff is operational: someone has to keep the vulnerability database current, manage where scan results are stored, build the retention and access-control layer around that data, and maintain the integrations that turn scan output into workflow (ticket creation, Slack alerts, dashboards). None of that is difficult in isolation, but it accumulates as the number of scanned assets grows.

Safeguard is delivered as a managed platform, so that operational layer — database freshness, storage, retention, integrations, uptime — is handled as part of the product rather than as infrastructure a security team has to own. The right choice depends on whether a team's priority is data locality and full control (Trivy, self-managed) or reducing the operational surface area of running a scanning program (a managed platform like Safeguard).

How Safeguard Helps

Teams don't have to choose Trivy or Safeguard in isolation — many organizations already have Trivy embedded in CI and get real value from it as a scanning engine. Safeguard's role is the layer above and around that: a persistent inventory of every container image and repository across the org, contextual triage that separates exploitable risk from theoretical CVE noise, centrally defined and consistently enforced policy across every pipeline, and audit-ready evidence that maps directly to frameworks like SOC 2 without a team having to build that mapping themselves.

If the current state is "we have scan output," Safeguard's job is to turn that into "we have a system of record for supply chain risk" — one that a security team can operate day to day and hand to an auditor without a scramble. For teams evaluating open source container image scanning tools as a starting point, the practical question isn't whether Trivy can find CVEs — it demonstrably can — but whether the surrounding program of triage, policy, and evidence is something you want to build in-house or get out of the box.

Never miss an update

Weekly insights on software supply chain security, delivered to your inbox.