grype: A vulnerability scanner for container images and filesystems
I’m mainly looking at this as a way to avoid dealing with Snyk.
Its companion tool, syft looks interesting too. It’s a “CLI tool and library for generating a Software Bill of Materials from container images and filesystems”, and may need something like that at work soon enough.