Bench (and choose) Java-8 docker images with anchore/grype

This page summarizes the projects mentioned and recommended in the original post on dev.to

Our great sponsors
  • SonarLint - Clean code begins in your IDE with SonarLint
  • InfluxDB - Build time-series-based applications quickly and at scale.
  • Scout APM - Truly a developer’s best friend
  • talent.io - Download talent.io’s Tech Salary Report
  • grype

    A vulnerability scanner for container images and filesystems

    We recently started to put grype and Anchore Container Scan in our (GH based) CI pipeline.

  • scan-action

    Anchore container analysis and scan provided as a GitHub Action

    I see https://github.com/anchore/scan-action supports a SARIF report. However, instead of using the grype --template option, it creates it in the code.

  • SonarLint

    Clean code begins in your IDE with SonarLint. Up your coding game and discover issues early. SonarLint is a free plugin that helps you find & fix bugs and security issues from the moment you start writing code. Install from your favorite IDE marketplace today.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts