A filesystem scan in the context of tools like Grype or Trivy is when the scanner analyzes a directory on your local machine or mounted filesystem, rather than a container image, to detect vulnerabilities in the installed packages. This is useful if you want to check:
The host system itself
Software installed outside of containers
Extracted container images or layers
It does not require a Docker image—it just inspects the packages it finds in the filesystem.