Installation

Open Claude Code and run this command:

/plugin install container-security-scanner@claude-code-plugins-plus

Use --global to install for all projects, or --project for current project only.

What It Does

Scan containers for vulnerabilities using Trivy, Snyk, and other security tools

Features

Production-ready
Best practices
Multi-platform
Well-documented

Skills (1)

scanning-container-security SKILL.md View full skill →

Execute use when you need to work with security and compliance.

ReadWriteEditGrepGlobBash(docker:*)Bash(kubectl:*)

Scanning Container Security

Overview

Scan container images and Dockerfiles for vulnerabilities, misconfigurations, and compliance violations using Trivy, Grype, Snyk Container, and Hadolint. Analyze base images, OS packages, application dependencies, and runtime configurations to produce actionable security reports with remediation guidance.

Prerequisites

Container scanning tool installed: trivy, grype, snyk, or docker scout
Dockerfile linter: hadolint for Dockerfile best practice validation
Docker daemon running for local image scanning
Access to the container images to scan (local, registry, or tar archive)
jq for parsing JSON scan results

Instructions

Identify target images for scanning: production images, base images, and CI-built images
Lint Dockerfiles with hadolint Dockerfile to catch misconfigurations before build (privileged instructions, pinned versions, shell best practices)
Scan built images for OS-level vulnerabilities: trivy image or grype
Scan for application dependency vulnerabilities: check language-specific packages (npm, pip, Maven, Go modules) embedded in the image
Check for secrets accidentally baked into image layers: trivy image --scanners secret
Evaluate image against CIS Docker Benchmark: verify non-root user, read-only filesystem capability, health checks defined
Generate a security report with severity classification (Critical, High, Medium, Low) and CVE identifiers
Produce remediation steps: upgrade base image, pin package versions, replace vulnerable dependencies
Integrate scanning into CI/CD pipeline: fail builds on Critical/High vulnerabilities, generate SARIF output for GitHub Security tab

Output

Vulnerability scan report in JSON, table, or SARIF format
Hadolint report with Dockerfile improvement recommendations
Remediation Dockerfile patches (updated base image, pinned package versions)
CI/CD pipeline step configuration for automated image scanning
Security policy document defining acceptable risk thresholds

Error Handling

Error	Cause	Solution
`trivy: unable to pull image`	Image not found locally or registry auth failure	Pull image first with `docker pull` or configure registry credentials
`CRITICAL vulnerability found but no fix available`	Upstream package has no patch yet	Document as accepted risk, use `--ignore-unfixed` flag, or switch to an alternative base image
hadolint: DL3008 pin versi How It Works /container-scan Ready to use container-security-scanner? Related Plugins ansible-playbook-creator Create Ansible playbooks for configuration management auto-scaling-configurator Configure auto-scaling policies for applications and infrastructure backup-strategy-implementor Implement backup strategies for databases and applications ci-cd-pipeline-builder Build CI/CD pipelines for GitHub Actions, GitLab CI, Jenkins, and more cloud-cost-optimizer Optimize cloud costs and generate cost reports compliance-checker Check infrastructure compliance (SOC2, HIPAA, PCI-DSS) Tags securitycontainersscanningvulnerabilitiestrivydevops Stay in the Loop No spam. Unsubscribe anytime. Product Explore Skills Cowork Compare Tools Resources Docs Changelog Collections Playbooks Research Learning Company Community Spotlight GitHub Legal Privacy Terms Acceptable Use Tons of Skills by Intent Solutions. Marine. Citadel Grad. 20 years ops → self-taught dev → AI architect. © 2026 Tons of Skills \| Intent Solutions

container-security-scanner

Installation

What It Does

Features

Skills (1)

Scanning Container Security

Overview

Prerequisites

Instructions

Output

Error Handling

How It Works

Ready to use container-security-scanner?

Related Plugins

ansible-playbook-creator

auto-scaling-configurator

backup-strategy-implementor

ci-cd-pipeline-builder

cloud-cost-optimizer

compliance-checker