
Scanner Reference

Each scanner in HarborGuard's suite serves a distinct purpose. Results are deduplicated across scanners, with per-engine attribution preserved.

Trivy

Aqua Security's comprehensive scanner. Detects vulnerabilities in OS packages (Alpine, Debian, Ubuntu, RHEL, etc.) and application dependencies (npm, pip, Go, Java, Ruby, Rust).

Grype

Anchore's vulnerability matcher. Uses the same vulnerability databases as Trivy but with different matching heuristics, catching edge cases that Trivy may miss.

Syft

Anchore's SBOM generator. Produces a complete Software Bill of Materials listing every package, version, and license in the image.

Dockle

CIS Docker Benchmark checker. Evaluates image configuration against security best practices — user permissions, exposed ports, credential leaks, and Dockerfile hygiene.

OSV-Scanner

Google's OSV database scanner. Queries the Open Source Vulnerability database for known vulnerabilities in detected packages.

Dive

Image layer analyzer. Inspects each layer for file changes, wasted space, and efficiency metrics. Helps identify bloated layers and unnecessary files.
