Vilicus - An overseer for security scanning of container images
Vilicus is an open-source tool that orchestrates security scans of container images (Docker/OCI) and centralizes all results in a database for further analysis and metrics.
Analyze the whole picture
This project helps developers improve the quality of their container images by finding vulnerabilities and addressing them from a vendor-agnostic point of view.
Multiple angles
There are many tools for scanning container images for vulnerabilities, such as Anchore, Clair, and Trivy. But sometimes their results for the same image differ.
Vendor-agnostic
An API contract that is independent of vendors
Database stored in container images
Vendors need to sync their vulnerability databases, which takes a lot of time. Vilicus provides daily snapshots of the databases, so the sync is ready for use in a few seconds rather than hours.
GitHub Integration
Vilicus provides a GitHub Action to help you scan container images in your CI/CD.
GitLab Integration
Vilicus provides a GitLab CI template to help you scan container images in your CI/CD.
Online Free Service
Vilicus provides an online free service to scan public images.
GitHub Integration
Integrate Vilicus into your GitHub workflow.
Vilicus GitHub Action
Vilicus provides a GitHub Action to help you scan container images in your CI/CD.
GitHub Code Scanning
You can integrate with GitHub Code Scanning by importing the results with the Upload SARIF GitHub Action.
GitLab Integration
Integrate Vilicus into your GitLab CI.
Vilicus GitLab CI Template
Vilicus provides a GitLab CI template to help you scan container images in your CI/CD.
GitLab Security Tab
The template integrates with the GitLab Security tab, using the Container Scanning report to import the results.