External References

There are external blogs and evaluations.

Blogs

• the vulnerability remediation lifecycle of Alpine containers
• Continuous Container Vulnerability Testing with Trivy
• Open Source CVE Scanner Round-Up: Clair vs Anchore vs Trivy
• Docker Image Security: Static Analysis Tool Comparison – Anchore Engine vs Clair vs Trivy

Links

• Research Spike: evaluate Trivy for scanning running containers
• Istio evaluates scanners