Vilicus - An overseer for security scanning of container images

Vilicus is an open-source tool that orchestrates security scans of container images (Docker/OCI) and centralizes all results in a database for further analysis and metrics.



Analyze the whole picture

This project helps developers improve the quality of their container images by finding vulnerabilities and addressing them from a vendor-agnostic viewpoint.

Multiple angles

There are many tools to scan container images for vulnerabilities, such as Anchore, Clair, and Trivy. But the results they report for the same image can sometimes differ.

Agnostic from vendors

An agnostic API contract, independent of vendors.

Database stored in container images

Vendors need to sync their vulnerability databases, which takes a lot of time. Vilicus provides daily snapshots of the databases, allowing the sync to be ready for use in a few seconds rather than hours.

GitHub Integration

Vilicus provides a GitHub Action to help you scan container images in your CI/CD.

GitLab Integration

Vilicus provides a GitLab CI template to help you scan container images in your CI/CD.

Online Free Service

Vilicus provides a free online service to scan public images.

GitHub Integration

Integrate Vilicus in your GitHub workflow.

Vilicus GitHub Action

Vilicus provides a GitHub Action to help you scan container images in your CI/CD.

GitHub Code Scanning

You can integrate with GitHub Code Scanning by using the Upload SARIF GitHub Action to import the results.


GitLab Integration

Integrate Vilicus in your GitLab CI.

Vilicus GitLab CI Template

Vilicus provides a GitLab CI template to help you scan container images in your CI/CD.

GitLab Security Tab

The template integrates with the GitLab Security tab, using the Container Scanning report to import the results.
