Safeguard
Tag

trivy

Safeguard articles tagged "trivy" — guides, analysis, and best practices for software supply chain and application security.

33 articles

Container Security

Container image scanning: how it works and best tools

A practical guide to container image scanning: how layer-by-layer CVE detection works, how Trivy stacks up, and where Safeguard adds deeper coverage.

Apr 26, 20267 min read
Container Security

Docker CIS Benchmark: what it checks and how to pass it

A practical breakdown of what the CIS Docker Benchmark actually checks, why Trivy alone only covers part of it, and how to remediate and stay compliant.

Apr 26, 20268 min read
Software Supply Chain Security

Container image signing and verification

Scanning tells you what's inside a container image; signing proves where it came from. Here's how signature verification closes the gap that CVE scanners like Trivy leave open.

Apr 25, 20268 min read
Vulnerability Management

Vulnerability prioritization: moving beyond CVSS scores

CVSS scores flood teams with thousands of "Critical" findings, but fewer than 5% of CVEs are ever exploited. Here's how reachability and exploit data fix triage.

Apr 25, 20267 min read
Vulnerability Management

Risk-based vulnerability management explained

Why CVSS severity alone fails to prioritize vulnerabilities, how Trivy's default scoring falls short, and how EPSS, CISA KEV, and reachability data cut remediation backlogs by 95%+.

Apr 24, 20268 min read
Vulnerability Management

How to reduce alert fatigue from vulnerability scanners

Container scanners like Trivy can return thousands of CVE findings per scan. Here's why most are noise, and how reachability and exploit data cut the list to what matters.

Apr 24, 20267 min read
Vulnerability Management

Trivy (Open Source Scanner)

Trivy is free and fast, but Aqua Security built it as a funnel to its paid CNAPP. Here's what the open-source scanner misses and how Safeguard closes the gap.

Apr 12, 20267 min read
Container Security

Container Vulnerability Scanner Buyer Guide 2026

A practical 2026 buyer guide for container vulnerability scanners: detection accuracy, reachability, signed advisories, runtime correlation, and the questions that separate vendors.

Apr 9, 20265 min read
Best Practices

Open Source vs Commercial Security Scanners 2026

When to use Trivy, Grype, and OSV-Scanner versus commercial scanners in 2026: honest tradeoffs, integration realities, and decision criteria.

Apr 9, 20268 min read
Tools

Trivy vs Grype: A Buyer Comparison for 2026

How Trivy 0.58 and Grype 0.85 compare in real-world container scanning: vulnerability coverage, false positive rates, SBOM support, and operational fit.

Apr 8, 20266 min read
Tools

tfsec to Trivy IaC: 2026 Migration Playbook

tfsec has been folded into Trivy for over a year and Aqua has stopped feature work on tfsec. We migrated three platforms in 2026 and documented what actually breaks.

Mar 26, 20266 min read
Best Practices

Best Container Image Scanners 2026

A fact-based review of the best container image scanners in 2026, comparing Trivy, Grype, Snyk, Prisma Cloud, and Safeguard on accuracy and noise.

Mar 19, 20267 min read
trivy (Page 2) — Safeguard Blog