Conscan - Container Scanner
Stop juggling multiple tools like Trivy, Grype, Syft, and Dockle.
Conscan scans container images for vulnerabilities, exposed secrets, and
inefficient storage, generates an SBOM, and runs CIS Benchmark checks, all in
one command.
$ docker run --rm ghcr.io/peek8/conscan:latest scan alpine:latest
Features
Everything you need to secure, optimize, and validate your container images before production.
Scans OS packages and software dependencies against known vulnerabilities with detailed severity ratings.
Detects API keys, tokens, passwords, and other sensitive information accidentally embedded in images.
Produces a detailed Software Bill of Materials for visibility into all components in use.
Highlights large or unnecessary files that increase image size and identifies optimization opportunities.
Validates images against Center for Internet Security (CIS) recommendations for compliance.
You can ask Conscan to explain vulnerabilities, CIS benchmarks, and packages in plain English, with risk assessments and suggested fixes, all powered by AI.
Set up custom alert rules to get notified of critical findings via Slack or email.
Designed for seamless integration into build pipelines with multiple output formats and minimal overhead.
Under the Hood
Conscan orchestrates industry-leading security tools into a single unified workflow.
Vulnerabilities, secrets & misconfigurations
Deep vulnerability scanning
SBOM generation
Image efficiency analysis
CIS Benchmark validation
How It Works
One command runs all scanners and produces a consolidated, actionable report.
| Scanner | Function |
|---|---|
| Trivy | Vulnerability scanning & secret detection |
| Grype | OS package & dependency vulnerabilities |
| Syft | Software Bill of Materials (SBOM) |
| Dive | Image layer analysis & efficiency |
| Dockle | CIS Benchmark compliance checks |
Output Formats
Generate reports in the format that fits your workflow.
Human-readable CLI output for quick review
Machine-readable for pipeline integration
Shareable reports for teams and auditors
Quick Start
Start scanning your container images with just a few commands.
No installation required. Just run the container directly.
# Scan any container image
$ docker run --rm -it ghcr.io/peek8/conscan:latest scan alpine:latest
Download the binary for your OS and install dependencies.
# Download and install (example for macOS ARM64)
$ conscan_version=v0.1.5
$ wget -qO- https://github.com/peek8/conscan/releases/download/v${conscan_version}/conscan_${conscan_version}_darwin_arm64.tar.gz | tar -xz -C /usr/local/bin conscan
Run scans with custom options and output formats.
# Full scan with HTML report
$ conscan scan --format html --output report.html yourimage:tag
# Scan specific categories only
$ conscan scan --scanners=vuln,secret yourimage:tag
Add Conscan to your GitHub Actions workflow for automated scanning.
# In your GitHub Actions workflow
- run: |
    docker run --rm ghcr.io/peek8/conscan:latest \
      scan ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
For more details, see the "scan" and "update-index" jobs in the GitHub Actions workflows of the conscan-sample repo.
Premium Feature
⭐ Premium
A centralised web dashboard to browse, filter, and track all your scan reports over time — across images, teams, and environments.
| Image | Scanned | Critical | High | Secrets | Status |
|---|---|---|---|---|---|
| api-gateway:v2.1.0 | 2 mins ago | 5 | 12 | 0 | Fail |
| frontend:v3.0.2 | 14 mins ago | 0 | 3 | 0 | Pass |
| worker:v1.4.1 | 1 hour ago | 7 | 19 | 2 | Fail |
| postgres:15-alpine | 3 hours ago | 0 | 6 | 0 | Review |
Premium Feature
⭐ Premium
Click "Explain with AI" on any scan report row to get instant, human-readable explanations of vulnerabilities, CIS benchmarks, and packages — no security expertise required.
Understand what each CVE means, its real-world impact, and actionable remediation steps — explained in plain language by AI.
Get AI-powered breakdowns of each CIS benchmark check — why it matters, what failed, and how to bring your image into compliance.
Ask AI about any package in your SBOM — what it does, known risks, license implications, and whether safer alternatives exist.
Premium Feature
⭐ Premium
Set threshold-based rules to automatically notify your team via Slack or email when scan results meet your defined conditions.
Supported Channels
#security, #devops
Rule Triggers
The Dashboard, Explain with AI, and Smart Alert Rules are premium features not included in the open source release. Contact us to get your license and unlock these capabilities for your team.
Get a License — hello@peek8.io
Everything you need to secure containers — choose the plan that fits your team.
Want to unlock Premium features for your team?
Contact us — hello@peek8.io
Join developers and DevOps teams who trust Conscan to keep their container workloads secure, lean, and compliant.