ScanRook Blog
Educational articles on vulnerability scanning, CVE databases, exploit prediction, and container security.
How to Scan a Docker Image for Vulnerabilities (4 Ways)
A step-by-step guide to scanning Docker images for vulnerabilities with Docker Scout, Trivy, Grype, and ScanRook — how to export an image, read the results, fix findings, and automate scanning in CI/CD.
[Integrations] ScanRook MCP Server: Let AI Assistants Scan for Vulnerabilities
Introducing the ScanRook MCP server — give Claude, GPT, and any MCP-compatible AI assistant the ability to scan container images, check CVEs, and analyze licenses through natural conversation.
[Benchmarks] Vulnerability Scanner Benchmark 2026: ScanRook vs Trivy vs Grype vs Snyk
Comprehensive 2026 vulnerability scanner benchmark comparing ScanRook, Trivy, Grype, and Snyk on real container images. Methodology, timing data, finding counts, and accuracy analysis.
[Data sources] CVE Database Comparison: NVD vs OSV vs GHSA vs Snyk Intel (2026)
Comprehensive comparison of vulnerability databases — NVD, OSV, GHSA, Snyk Intel, and Red Hat OVAL — covering coverage, update speed, API access, and when to use each.
[Benchmarks] ScanRook Benchmark Results: Real Scan Data Against Trivy and Grype
Transparent benchmark results comparing ScanRook, Trivy, and Grype on five container images with analysis of finding differences.
[Launch] Why We Built ScanRook
Why we chose a local-first scanner architecture with optional cloud enrichment.
[Technical deep-dive] What Is an SBOM? How ScanRook Uses SBOMs for Faster, More Accurate Triage
A practical guide to SBOMs, why they matter for security programs, and how ScanRook uses them in real workflows.
What Is a CVE? A Plain-English Guide to Vulnerability IDs
What a CVE is, what the ID format means, who assigns them, and how the CVE lifecycle works — plus how CVE relates to CVSS, CWE, EPSS, and KEV.
Log4Shell (CVE-2021-44228) Explained: Detection and Remediation
A clear technical explanation of Log4Shell (CVE-2021-44228), the critical Log4j RCE — how the JNDI exploit worked, affected versions, the follow-up CVEs, and how to detect and remediate vulnerable JARs.
Alpine vs Debian vs Distroless: Which Container Base Image Is Most Secure?
Comprehensive comparison of Alpine, Debian Slim, Ubuntu, and Distroless container base images for security. Real vulnerability scan data, size comparison, compatibility tradeoffs, and migration guide.
EPSS Scores: How to Prioritize Vulnerabilities by Exploit Probability
A practical guide to using EPSS for vulnerability prioritization. Decision matrix, real CVE examples, CVSS comparison, and integration with ScanRook.
regreSSHion (CVE-2024-6387): The OpenSSH Vulnerability That Exposed Millions of Servers
Deep dive into regreSSHion (CVE-2024-6387), the OpenSSH signal handler race condition that affected 14 million internet-facing servers. Technical analysis, detection, and remediation.
Container Image Security Checklist: 15 Steps for Production-Ready Images
A comprehensive 15-step security checklist for hardening container images before production deployment, covering base images, scanning, secrets, runtime security, and monitoring.
How to Read an SBOM: CycloneDX vs SPDX Explained with Real Examples
Learn how to read and interpret Software Bill of Materials in CycloneDX and SPDX formats with annotated real-world examples, comparison tables, and regulatory context.
What Is the OSV API? Ecosystems, Advisories, and How It Works
A practical guide to the Open Source Vulnerabilities database, the advisory format it uses, and how scanners query it for vulnerability data.
Understanding the NVD and CVSS v3.1 Scoring
How the National Vulnerability Database works, what CPE matching means, and how CVSS v3.1 base scores are calculated.
EPSS Scores Explained: Exploit Prediction for Vulnerability Prioritization
What EPSS is, how percentile scores work, and why exploit probability is a better prioritization signal than severity alone.
CISA KEV Guide: Why Actively Exploited CVEs Demand Immediate Action
What the CISA Known Exploited Vulnerabilities catalog is, who it applies to, and how to use it in your remediation workflow.
Installed-State Scanning vs. Advisory Matching: Reducing False Positives
Why reading actual package manager databases produces more accurate findings than matching file paths against advisory lists.
Container Scanning Best Practices for Security Teams
Practical guidance on scanning container images effectively, from base image selection to CI/CD integration and finding prioritization.
What Is YARA and Why Security Teams Use It
A guide to YARA, the pattern-matching engine used by security teams for malware detection, and how ScanRook integrates it for deep container scanning.
Vulnerability Scanning for Compliance: What You Need to Know
Penalties for non-compliance, scanning frequency requirements by framework, and how to build a compliant vulnerability scanning program.
What We Learned from Black Duck (And How We Made License Scanning Better)
How Black Duck pioneered license scanning with snippet matching and proprietary databases, what has changed since 2005, and how modern tools deliver the same results at a fraction of the cost.
The Complete Guide to Open Source License Compliance in 2026
A comprehensive guide to open source license compliance covering legal risks, common mistakes, building a compliance program, tooling comparisons, and SBOM integration.
On-Prem vs SaaS Vulnerability Scanning: Which Is Right for You?
Data sovereignty, air-gapped environments, cost comparison, and when on-prem scanning is required versus when SaaS makes sense.
How Red Hat Backports Security Patches: A Complete Guide to RHEL Vulnerability Management
Understand how Red Hat backports security fixes, why package versions don't tell the full story, and how OVAL/CSAF data enables accurate RHEL vulnerability scanning.