Filesystem Scan

A filesystem scan in the context of tools like Grype or Trivy is when the scanner analyzes a directory on your local machine or mounted filesystem, rather than a container image, to detect vulnerabilities in the installed packages. This is useful if you want to check:

The host system itself
Software installed outside of containers
Extracted container images or layers

It does not require a Docker image—it just inspects the packages it finds in the filesystem.

Grype

grype dir:. -o json > vulns.json

Plugins:

Trivy

trivy fs . --format json > trivy-results.json

Plugins:

PreviousSCA Scan NextSAST Scan

Last updated 21 days ago