trivy
Safeguard articles tagged "trivy" — guides, analysis, and best practices for software supply chain and application security.
33 articles
Container image scanning: how it works and best tools
A practical guide to container image scanning: how layer-by-layer CVE detection works, how Trivy stacks up, and where Safeguard adds deeper coverage.
Docker CIS Benchmark: what it checks and how to pass it
A practical breakdown of what the CIS Docker Benchmark actually checks, why Trivy alone only covers part of it, and how to remediate and stay compliant.
Container image signing and verification
Scanning tells you what's inside a container image; signing proves where it came from. Here's how signature verification closes the gap that CVE scanners like Trivy leave open.
Vulnerability prioritization: moving beyond CVSS scores
CVSS scores flood teams with thousands of "Critical" findings, but fewer than 5% of CVEs are ever exploited. Here's how reachability and exploit data fix triage.
Risk-based vulnerability management explained
Why CVSS severity alone fails to prioritize vulnerabilities, how Trivy's default scoring falls short, and how EPSS, CISA KEV, and reachability data cut remediation backlogs by 95%+.
How to reduce alert fatigue from vulnerability scanners
Container scanners like Trivy can return thousands of CVE findings per scan. Here's why most are noise, and how reachability and exploit data cut the list to what matters.
Trivy (Open Source Scanner)
Trivy is free and fast, but Aqua Security built it as a funnel to its paid CNAPP. Here's what the open-source scanner misses and how Safeguard closes the gap.
Container Vulnerability Scanner Buyer Guide 2026
A practical 2026 buyer guide for container vulnerability scanners: detection accuracy, reachability, signed advisories, runtime correlation, and the questions that separate vendors.
Open Source vs Commercial Security Scanners 2026
When to use Trivy, Grype, and OSV-Scanner versus commercial scanners in 2026: honest tradeoffs, integration realities, and decision criteria.
Trivy vs Grype: A Buyer Comparison for 2026
How Trivy 0.58 and Grype 0.85 compare in real-world container scanning: vulnerability coverage, false positive rates, SBOM support, and operational fit.
tfsec to Trivy IaC: 2026 Migration Playbook
tfsec has been folded into Trivy for over a year and Aqua has stopped feature work on tfsec. We migrated three platforms in 2026 and documented what actually breaks.
Best Container Image Scanners 2026
A fact-based review of the best container image scanners in 2026, comparing Trivy, Grype, Snyk, Prisma Cloud, and Safeguard on accuracy and noise.