{"id":"9a56ece1-4337-49a2-a6f5-ae629da49c4f","shortId":"r8cgrL","kind":"skill","title":"Container Image Vulnerability Scanner","tagline":"Scans Docker and OCI container images for vulnerabilities using Trivy JSON output and the Docker Hub API v2 for image metadata. Analyzes base image layers via Syft SBOM generation and maps CVEs to fixed versions using the Alpine SecDB and Debian Security Tracker APIs.","description":"# Container Image Vulnerability Scanner\n\nScans Docker and OCI container images for vulnerabilities using Trivy JSON output and the Docker Hub API v2 for image metadata. Analyzes base image layers via Syft SBOM generation and maps CVEs to fixed versions using the Alpine SecDB and Debian Security Tracker APIs.\n\n## Installation\n\nRequirements and caveats from upstream:\n- ![Docker Pulls][docker-pulls]\n- docker run aquasec/trivy\n- There are canary builds ([Docker Hub](https://hub.docker.com/r/aquasec/trivy/tags?page=1&name=canary), [GitHub](https://github.com/aquasecurity/trivy/pkgs/container/trivy/75776514?tag=canary), [ECR](https://gallery.ec...\n\nBasic usage or getting-started notes:\n- ### Get Trivy\n- Trivy is available in most common distribution channels. The full list of installation options is available in the [Installation] page. Here are a few popular examples:\n- brew install trivy\n\n- Source: https://github.com/aquasecurity/trivy\n- Extracted from upstream docs: https://raw.githubusercontent.com/aquasecurity/trivy/HEAD/README.md\n\n## Documentation\n\n- https://trivy.dev/latest/\n\n## Source\n\n- [Agent Skill Exchange](https://agentskillexchange.com/skills/container-image-vulnerability-scanner/)","tags":["container","image","vulnerability","scanner","skills","agentskillexchange","agent-skills","ai-agents","ai-tools","awesome-list","claude-code","codex"],"capabilities":["skill","source-agentskillexchange","skill-container-image-vulnerability-scanner","topic-agent-skills","topic-ai-agents","topic-ai-tools","topic-awesome-list","topic-claude-code","topic-codex","topic-cursor","topic-llm","topic-mcp","topic-npx-skills","topic-openclaw","topic-skills-catalog"],"categories":["skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/agentskillexchange/skills/container-image-vulnerability-scanner","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add agentskillexchange/skills","source_repo":"https://github.com/agentskillexchange/skills","install_from":"skills.sh"}},"qualityScore":"0.454","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 8 github stars · SKILL.md body (1,207 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:09:55.539Z","embedding":null,"createdAt":"2026-05-18T13:15:49.670Z","updatedAt":"2026-05-18T19:09:55.539Z","lastSeenAt":"2026-05-18T19:09:55.539Z","tsv":"'/aquasecurity/trivy':167 '/aquasecurity/trivy/head/readme.md':174 '/aquasecurity/trivy/pkgs/container/trivy/75776514?tag=canary),':123 '/latest/':178 '/r/aquasec/trivy/tags?page=1&name=canary),':119 '/skills/container-image-vulnerability-scanner/)':185 'agent':180 'agentskillexchange.com':184 'agentskillexchange.com/skills/container-image-vulnerability-scanner/)':183 'alpin':42,90 'analyz':26,74 'api':21,48,69,96 'aquasec/trivy':110 'avail':137,150 'base':27,75 'basic':126 'brew':161 'build':114 'canari':113 'caveat':100 'channel':142 'common':140 'contain':1,9,49,57 'cves':36,84 'debian':45,93 'distribut':141 'doc':171 'docker':6,19,54,67,103,106,108,115 'docker-pul':105 'document':175 'ecr':124 'exampl':160 'exchang':182 'extract':168 'fix':38,86 'full':144 'gallery.ec':125 'generat':33,81 'get':130,133 'getting-start':129 'github':120 'github.com':122,166 'github.com/aquasecurity/trivy':165 'github.com/aquasecurity/trivy/pkgs/container/trivy/75776514?tag=canary),':121 'hub':20,68,116 'hub.docker.com':118 'hub.docker.com/r/aquasec/trivy/tags?page=1&name=canary),':117 'imag':2,10,24,28,50,58,72,76 'instal':97,147,153,162 'json':15,63 'layer':29,77 'list':145 'map':35,83 'metadata':25,73 'note':132 'oci':8,56 'option':148 'output':16,64 'page':154 'popular':159 'pull':104,107 'raw.githubusercontent.com':173 'raw.githubusercontent.com/aquasecurity/trivy/head/readme.md':172 'requir':98 'run':109 'sbom':32,80 'scan':5,53 'scanner':4,52 'secdb':43,91 'secur':46,94 'skill':181 'skill-container-image-vulnerability-scanner' 'sourc':164,179 'source-agentskillexchange' 'start':131 'syft':31,79 'topic-agent-skills' 'topic-ai-agents' 'topic-ai-tools' 'topic-awesome-list' 'topic-claude-code' 'topic-codex' 'topic-cursor' 'topic-llm' 'topic-mcp' 'topic-npx-skills' 'topic-openclaw' 'topic-skills-catalog' 'tracker':47,95 'trivi':14,62,134,135,163 'trivy.dev':177 'trivy.dev/latest/':176 'upstream':102,170 'usag':127 'use':13,40,61,88 'v2':22,70 'version':39,87 'via':30,78 'vulner':3,12,51,60","prices":[{"id":"d9254d44-ba23-4bcb-bf40-84b91b7c81bd","listingId":"9a56ece1-4337-49a2-a6f5-ae629da49c4f","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"agentskillexchange","category":"skills","install_from":"skills.sh"},"createdAt":"2026-05-18T13:15:49.670Z"}],"sources":[{"listingId":"9a56ece1-4337-49a2-a6f5-ae629da49c4f","source":"github","sourceId":"agentskillexchange/skills/container-image-vulnerability-scanner","sourceUrl":"https://github.com/agentskillexchange/skills/tree/main/skills/container-image-vulnerability-scanner","isPrimary":false,"firstSeenAt":"2026-05-18T13:15:49.670Z","lastSeenAt":"2026-05-18T19:09:55.539Z"}],"details":{"listingId":"9a56ece1-4337-49a2-a6f5-ae629da49c4f","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"agentskillexchange","slug":"container-image-vulnerability-scanner","github":{"repo":"agentskillexchange/skills","stars":8,"topics":["agent-skills","ai-agents","ai-tools","awesome-list","claude-code","codex","cursor","llm","mcp","npx-skills","openclaw","skills-catalog"],"license":"mit","html_url":"https://github.com/agentskillexchange/skills","pushed_at":"2026-05-18T19:02:17Z","description":"The open catalog of AI agent skills — 2,000+ security-scanned skills for Claude Code, Cursor, Codex, and more.","skill_md_sha":"ff069226a4c85011c9024caef19c21bf56be3325","skill_md_path":"skills/container-image-vulnerability-scanner/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/agentskillexchange/skills/tree/main/skills/container-image-vulnerability-scanner"},"layout":"multi","source":"github","category":"skills","frontmatter":{"name":"Container Image Vulnerability Scanner","description":"Scans Docker and OCI container images for vulnerabilities using Trivy JSON output and the Docker Hub API v2 for image metadata. Analyzes base image layers via Syft SBOM generation and maps CVEs to fixed versions using the Alpine SecDB and Debian Security Tracker APIs."},"skills_sh_url":"https://skills.sh/agentskillexchange/skills/container-image-vulnerability-scanner"},"updatedAt":"2026-05-18T19:09:55.539Z"}}