Conversation

@williambrady (Owner)

Add new ContainerScanner that uses Trivy to scan Docker images for CVEs:

  • Detects Dockerfiles in repositories
  • Builds images from Dockerfiles
  • Runs trivy image to scan for package vulnerabilities
  • Reports findings in normalized format with remediation guidance
  • Configurable via config.yaml (severities, timeouts, cleanup)

Updated components:

  • repo_detector.py: Added Dockerfile detection
  • main.py: Integrated ContainerScanner into scan pipeline
  • config_loader.py: Added container scanning defaults
  • config.yaml: Added container scanning configuration section


augmentcode bot commented Jan 28, 2026

🤖 Augment PR Summary

Summary: Adds Docker container image vulnerability scanning to the SDLC Code Scanner using Trivy.

Changes:

  • Introduced ContainerScanner to build images from detected Dockerfiles and run trivy image to collect CVE data
  • Extended repository detection to recognize Dockerfiles/Containerfiles and enable container scanning automatically
  • Integrated container scanning into the local scan pipeline and documented it in the list-tools output
  • Added container-scanning defaults and config options (severities, timeouts, image cleanup, rule exclusions)

Technical Notes: Trivy JSON output is parsed into the existing normalized Finding format, including package/version details, CVSS metadata, and fix-version-based remediation guidance.


augmentcode bot left a comment

Review completed. 2 suggestions posted.

william brady added 2 commits January 28, 2026 00:18
- Check for Docker availability before attempting to build images
- Sanitize image names: lowercase, alphanumeric and hyphens only

@ghaworkflow (Collaborator) left a comment

Content looks correct.

@williambrady williambrady merged commit 7abe74c into main Jan 28, 2026
5 checks passed
@williambrady williambrady deleted the feature/container-image-scanning branch January 28, 2026 05:26
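
A worked example, added here and not the project's own code, of the pieces the PR description, the bot's Technical Notes and the two follow-up commits describe: the Docker availability check, a tag sanitizer (lowercase, alphanumeric and hyphens), the `trivy image --format json --severity ... --timeout ...` invocation built as an argv list, and a parser that flattens the Trivy report into a normalized finding with fix-version remediation. The function names, the `Finding` fields, the default severities, the `sdlc-scan/` tag prefix and the sample report are assumptions; the sample's vulnerability IDs are placeholders, not real CVEs.

```python
from __future__ import annotations

import json
import os
import re
import shutil
import subprocess
from dataclasses import dataclass

# Added example, not the project's code: function names, Finding fields and the
# defaults below are assumptions standing in for the PR's config.yaml values.
SEVERITY_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "UNKNOWN": 4}
DEFAULT_SEVERITIES = ("CRITICAL", "HIGH")

@dataclass
class Finding:
    rule_id: str            # vulnerability ID exactly as Trivy reports it
    severity: str
    package: str
    installed_version: str
    fixed_version: str      # "" when no fix has been published
    cvss_score: float | None
    target: str             # OS layer or lockfile the package came from
    remediation: str

def sanitize_image_name(raw: str, max_len: int = 64) -> str:
    """Lowercase, keep [a-z0-9], collapse everything else to one hyphen (Docker tag rules)."""
    # The repo name comes from a checkout the scanner does not control: derive, never pass through.
    name = re.sub(r"[^a-z0-9]+", "-", raw.lower()).strip("-")
    return name[:max_len].strip("-") or "sdlc-scan"

def trivy_scan_command(tag: str, severities=DEFAULT_SEVERITIES, timeout: str = "5m") -> list[str]:
    # argv list, never a shell string, so nothing derived from the repo can inject arguments
    return ["trivy", "image", "--quiet", "--format", "json",
            "--severity", ",".join(severities), "--timeout", timeout, tag]

def cvss_score(vuln: dict) -> float | None:
    """NVD first, then other sources alphabetically; V3 over V2 within a source."""
    cvss = vuln.get("CVSS") or {}
    for source in ["nvd", *sorted(cvss)]:
        entry = cvss.get(source) or {}
        for key in ("V3Score", "V2Score"):
            if entry.get(key) is not None:
                return float(entry[key])
    return None

def remediation(vuln: dict) -> str:
    pkg, fixed = vuln.get("PkgName", "?"), vuln.get("FixedVersion")
    if fixed:
        return f"Upgrade {pkg} {vuln.get('InstalledVersion', '?')} -> {fixed}; rebuild on a patched base image or pin the package."
    return f"No fixed version published for {pkg}; track the advisory or change base image."

def parse_trivy_report(report: dict, severities=DEFAULT_SEVERITIES, excluded_ids=()) -> list[Finding]:
    """Flatten Trivy JSON into Findings, most severe first. `Results` may be null,
    and a result with nothing to report carries no `Vulnerabilities` key at all."""
    wanted = {s.upper() for s in severities}
    findings = []
    for result in report.get("Results") or []:
        for v in result.get("Vulnerabilities") or []:
            sev, vid = str(v.get("Severity", "UNKNOWN")).upper(), v.get("VulnerabilityID", "")
            if sev not in wanted or vid in excluded_ids:
                continue
            findings.append(Finding(
                rule_id=vid, severity=sev, package=v.get("PkgName", "?"),
                installed_version=v.get("InstalledVersion", "?"),
                fixed_version=v.get("FixedVersion") or "", cvss_score=cvss_score(v),
                target=result.get("Target", ""), remediation=remediation(v)))
    findings.sort(key=lambda f: (SEVERITY_ORDER.get(f.severity, 99), -(f.cvss_score or 0.0)))
    return findings

def scan_dockerfile(dockerfile: str, repo_name: str, cleanup: bool = True, **trivy_opts) -> list[Finding]:
    """Build, scan, parse and (by default) delete the image. Needs docker and trivy on PATH."""
    for tool in ("docker", "trivy"):
        if shutil.which(tool) is None:
            raise RuntimeError(f"{tool} not found on PATH; container scan skipped")
    tag = f"sdlc-scan/{sanitize_image_name(repo_name)}:latest"
    context = os.path.dirname(os.path.abspath(dockerfile))
    subprocess.run(["docker", "build", "-f", dockerfile, "-t", tag, context], check=True)
    try:
        out = subprocess.run(trivy_scan_command(tag, **trivy_opts), check=True,
                             capture_output=True, text=True).stdout
    finally:
        if cleanup:  # remove the image even when trivy fails or times out
            subprocess.run(["docker", "image", "rm", "-f", tag], check=False)
    return parse_trivy_report(json.loads(out))

# Constructed sample in the shape Trivy emits; the IDs are placeholders, not real CVEs.
SAMPLE_REPORT = {"Results": [
    {"Target": "sdlc-scan/example:latest (debian 12.4)", "Class": "os-pkgs", "Type": "debian",
     "Vulnerabilities": [
         {"VulnerabilityID": "TEST-0001", "PkgName": "libfoo", "InstalledVersion": "1.0-1",
          "FixedVersion": "1.0-2", "Severity": "HIGH", "CVSS": {"nvd": {"V3Score": 7.5}}},
         {"VulnerabilityID": "TEST-0002", "PkgName": "libbar", "InstalledVersion": "2.1", "Severity": "CRITICAL", "CVSS": {"redhat": {"V3Score": 9.8}}},
         {"VulnerabilityID": "TEST-0003", "PkgName": "libbaz", "InstalledVersion": "0.9", "FixedVersion": "1.0", "Severity": "LOW"}]},
    {"Target": "app/requirements.txt", "Class": "lang-pkgs", "Type": "pip"},  # nothing to report
]}

if __name__ == "__main__":
    print(*parse_trivy_report(SAMPLE_REPORT), sep="\n")
```

Two points worth keeping in mind when wiring this into a pipeline: the missing-tool check raises instead of returning an empty list, so a scan that could not run is not reported as a clean image; and the cleanup sits in a `finally` so a Trivy timeout (the `--timeout` value passed through `trivy_opts`) does not leave built images behind.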