libadalang VS trivy

3) most any project on https://www.adacore.com/

There are also tools like gnatcheck and CodePeer, but I don't know if there if there are free versions available. Some of the tools that used to require ASIS have switched to libadalang because ASIS works only with code that compiles.

for more information about the language visit:

My wild guess: AdaCore is doing again something with the page. From time to time, weird things happens to www.adacore.com, like it showing old version of page, etc. I can only suggest waiting a moment (like a long moment :) ). Probably until Tuesday everything should back to normal. If not, then at least will be some statement from AdaCore.

AdaCore took it upon itself to proselytize the language, and even make and open source a bunch of tools for the community. Just between libadalang and Ada Language Server, they've already probably undermined a lot of their business model by providing the tools for modern IDE integration for free, seemingly for the sake of trying to make the language more relevant again. They've given people like myself, the opportunity to exist outside of their paid and closed ecosystem using tools like Visual Studio Code, and even done things like fix multiple bugs and implement several features I've requested.

I dont know for sure, but it might be the language that Garmin uses given that one of the images on Adacore.com looks like a G1000 cockpit.

Trivy Owner/Maintainer: Aqua Security Age: First released on GitHub on May 7th, 2019 License: Apache License 2.0 backward-compatible with tfsec

Trivy. A Simple and Comprehensive Vulnerability Scanner for Containers.

Using Trivy:

Trivy is a mature and comprehensive open source tool from Aqua Security that supports scanning multiple sources, from file systems to containers and VMs. Trivy also looks beyond vulnerabilities, to scan licenses, secrets, infrastructure as code misconfiguration, and more.

I would suggest to think about the thread model that you are facing so you can have a better mental model of the weak points of your environment. The very very big majority of these attacks will be automated probing for publicly known vulnerabilities or default credentials. That means the maintainers of the software you are running and the channels on which their updates are shipped to you and deployed are very important factors. For software that is not installed from a trusted and well maintained source (e.g. Ubuntus main repository), you want to make extra sure that vulnerabilities are updated. E.g. your deployed docker containers might contain security issues, you can run checks on these with tools like trivy. The same is also true for appliances, in case your router or firewall contains a software vulnerability, how will you be notified and how will the required updates be deployed?