How do you scan Docker images for vulnerabilities in a CI/CD pipeline?

Hard Topic: Docker May 24, 2026

Image scanning should be a mandatory gate before an image is pushed to a registry or promoted to production: scan the exact image the pipeline just built (tag it with the commit SHA or reference it by digest, not a floating latest tag), fail the job when findings cross an agreed severity threshold, and keep re-scanning images that are already deployed, since new CVEs are published against old layers. Common tools and integration steps:

  • Trivy (Aqua Security): Fast, broad coverage (OS packages, language dependencies, misconfigurations, secrets), easy CI integration: trivy image myapp:latest (in CI, scan the exact tag or digest you will deploy rather than latest).
  • Snyk: Deep dependency scanning with developer-friendly output and fix suggestions.
  • Docker Scout: Docker's own scanner, integrated with Docker Hub, Docker Desktop and the CLI (docker scout cves myapp:latest).
  • Grype: From Anchore; pairs with Syft, which generates the SBOM that Grype then scans, so it suits SBOM-based workflows.
# GitHub Actions example: assumes an earlier step built and tagged myapp:${{ github.sha }}
- name: Scan image with Trivy
  # Pin to a release tag or commit SHA in real pipelines; @master lets the action change underneath you
  uses: aquasecurity/trivy-action@master
  with:
    image-ref: myapp:${{ github.sha }}
    severity: CRITICAL,HIGH
    exit-code: 1  # Fail the pipeline on CRITICAL or HIGH vulnerabilities
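The exit-code gate above is binary: any CRITICAL or HIGH finding fails the job. In practice a gate also has to ignore findings with no upstream fix yet (Trivy's --ignore-unfixed) and honour time-boxed risk acceptances (Trivy's .trivyignore). The following is an added example, not code from the original page or from the Trivy project, that writes the same policy out explicitly in Python over Trivy's JSON output (trivy image --format json -o report.json myapp:TAG), so the policy lives in the repo where it can be reviewed. It assumes the report shape Trivy documents (Results[].Vulnerabilities[] with VulnerabilityID, Severity, FixedVersion); the embedded report is constructed, its CVE identifiers are placeholders rather than real advisories, and the allowlist entries, dates and function names are assumptions.

```python
"""Policy gate over a Trivy JSON report.

Added example, not code from the page or from the Trivy project. Expects the
output of `trivy image --format json -o report.json IMAGE` and decides whether
the pipeline should fail. The sample report below is constructed; its CVE ids
are placeholders, not real advisories.
"""
import json
import sys
from datetime import date

# Constructed sample in the shape of `trivy image --format json` output.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "myapp:abc123",
    "Results": [
        {
            "Target": "myapp:abc123 (debian 12.5)",
            "Class": "os-pkgs",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
                 "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "CRITICAL"},
                {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
                 "InstalledVersion": "2.3", "FixedVersion": "", "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libthird",
                 "InstalledVersion": "0.9", "FixedVersion": "1.0", "Severity": "MEDIUM"},
            ],
        },
        {
            "Target": "app/requirements.txt",
            "Class": "lang-pkgs",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0004", "PkgName": "somepkg",
                 "InstalledVersion": "3.1", "FixedVersion": "3.2", "Severity": "HIGH"},
            ],
        },
        # Targets with no findings may carry no "Vulnerabilities" key at all.
        {"Target": "usr/local/bin/app", "Class": "lang-pkgs"},
    ],
})

# Time-boxed risk acceptances (hypothetical): id -> (expires, justification).
# An expired acceptance stops suppressing the finding, so the exception gets revisited.
ALLOWLIST = {
    "CVE-0000-0004": (date(2026, 12, 31), "vulnerable function not reachable from our code"),
}


def blocking_findings(report_json, fail_on=("CRITICAL", "HIGH"), ignore_unfixed=False,
                      allowlist=None, today=None):
    """Return the findings that should fail the build after the policy is applied."""
    report = json.loads(report_json)
    allowlist = allowlist if allowlist is not None else {}
    today = today or date.today()
    blocking = []
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            if vuln.get("Severity") not in fail_on:
                continue
            if ignore_unfixed and not vuln.get("FixedVersion"):
                # No upstream fix yet: track it, but do not block the deploy on it.
                continue
            accepted = allowlist.get(vuln["VulnerabilityID"])
            if accepted and accepted[0] >= today:
                continue
            blocking.append({
                "target": result.get("Target", ""),
                "id": vuln["VulnerabilityID"],
                "pkg": vuln.get("PkgName", ""),
                "installed": vuln.get("InstalledVersion", ""),
                "fixed": vuln.get("FixedVersion", ""),
                "severity": vuln["Severity"],
            })
    return blocking


def gate(report_json, **policy):
    """CI exit code: 1 if anything blocks, else 0. Prints the blockers for the job log."""
    blockers = blocking_findings(report_json, **policy)
    for b in blockers:
        fix = f"fix in {b['fixed']}" if b["fixed"] else "no fix available"
        print(f"{b['severity']:8} {b['id']:16} {b['pkg']} {b['installed']} ({fix}) [{b['target']}]")
    print(f"{len(blockers)} blocking finding(s)")
    return 1 if blockers else 0


if __name__ == "__main__":
    # Usage: python gate.py report.json   (falls back to the constructed sample)
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    sys.exit(gate(data, ignore_unfixed=True, allowlist=ALLOWLIST))
```

Run against the sample with ignore_unfixed and the allowlist, only the CRITICAL finding blocks: the unfixed HIGH is reported but tolerated, and the accepted HIGH is suppressed until its expiry date, after which it blocks again. Whether you use this kind of script or Trivy's built-in flags, keep the acceptances in version control with an owner and an expiry, so the gate never silently degrades into a permanent exception list.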