# general
s
I used it in the past, very powerful. One thing I like most is the Trivy GitHub Action, but Docker Desktop also has Scout and some nice visibility, and Grype shows you more specific details.
g
Thank you @Saim Safdar. We need SOC2 attested and HIPAA compliance products, as we deal with health care products.
a
Hi @Gayathri P Borker, your question is not very clear. Trivy is just a tool which helps you enhance your security, whereas SOC2 or HIPAA is a compliance standard, so the way you configure Trivy will decide your compliance level.
s
Yes, Ankush was right. @Gayathri P Borker, can you explain a bit more? Trivy, as described above, is to help you configure as per your org requirement for compliance. Trivy belongs to the family of vulnerability scanning, you need a tool to so (Trivy, Grype, or Scout) "_SOC2 attested and HIPAA compliance products_"
g
okay...we are asked to use tools that are SOC2 and HIPAA compliant.
s
You can look at it as: Trivy is a vulnerability scanner for containers and is not a service or platform that undergoes formal compliance certifications (chances are it's not the one; I believe the scanners we have today aren't SOC2 and HIPAA, need to double check). Trivy is deployed and used within an org's infrastructure.
g
okay thank you for the information
o
Hi, ARMO Platform is the SaaS product based on Kubescape, which started out as a scanner and is steadily growing into an end-to-end Kubernetes security platform. Kubescape is a CNCF Sandbox project, though I do not think that ensures compliance. ARMO has SOC 2 compliance. Furthermore, both open source Kubescape and ARMO Platform have a SOC 2 framework to help achieve and maintain SOC 2 compliance. I hope this helps, and LMK if you have any additional questions.