Docker Images Scanning

This page summarizes the projects mentioned and recommended in the original post on

  • clair

    Vulnerability Static Analysis for Containers


  • Harbor

    An open source trusted cloud native registry project that stores, signs, and scans content.

    Harbor brings a lot of this functionality if you happen to look for a registry also.

  • ahab

    ahab is a tool to check for vulnerabilities in your apt, apk, or yum powered operating systems, powered by Sonatype OSS Index.

    A bit late to the party, but ahab's pretty cool - add it to your Dockerfile and it just does the scanning for you.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
