
#vulnerability-scan

2 posts
tech guide

False positives in Node.js image vulnerability scans? Separate app packages from npm built-ins first

When reviewing vulnerability scan results for a Node.js Docker image, you can't just look at package names. First distinguish between project dependencies and the packages bundled with npm inside the base image — otherwise you'll fix the wrong thing.

tech guide

What Is Vulnerability Scanning? A Quick Intro to Docker and Package Scanning with Trivy

Vulnerability scanning isn't just about generating reports — it helps you discover known risks in your system before they become incidents. This post uses Trivy as a hands-on example to explain what scanners actually look for, how to read the results, and how to get started.