Which security scanners does the OCI CVE Checker use?

The skill primarily uses Trivy for vulnerability scanning and Skopeo for image inspection and pre-validation of image tags.

Does it automatically install required dependencies?

Yes, it includes a management script that checks for Trivy, jq, and Skopeo, and can automatically install them to a temporary directory if they are missing.

Can I use this skill with private container registries?

Yes, it supports authentication via the REGISTRY_AUTH_FILE environment variable, TRIVY_USERNAME/PASSWORD, or existing credentials from a podman login.

What output formats does the CVE comparison generate?

It generates text-based reports for fixed, new, and common CVEs, a high-level summary.txt, and full raw JSON scans for each image.

OCI CVE Comparison Tool

Name: OCI CVE Comparison Tool
Author: opendatahub-io

byopendatahub-io

•

安全与测试

Compares vulnerability reports between two OCI container images to identify fixed and newly introduced security issues.

This skill automates the process of auditing container security by comparing the Common Vulnerabilities and Exposures (CVE) profiles of two different OCI image versions. It leverages industry-standard tools like Trivy and Skopeo to generate detailed reports, categorizing vulnerabilities into fixed, new, and common issues. This allows developers and DevOps engineers to visualize security improvements or regressions during version upgrades, helping to make data-driven decisions about deployment risks and release readiness.

主要功能

01Automated differential vulnerability analysis between container image tags

02Comprehensive security posture summaries with severity breakdowns

03Support for private registry authentication and non-SSL registries

0415 GitHub stars

05Detailed categorization of fixed, new, and common CVEs

06Automatic dependency management for Trivy, jq, and Skopeo

使用场景

01Automating security gates in CI/CD pipelines before production deployment

02Validating security improvements during a container version upgrade

03Performing security audits when migrating between different base image providers

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add opendatahub-io/ai-helpers oci-cve-checker

For use in Claude.ai and ChatGPT

Download Skill