Conscan - Container Scanner
Scan container images for vulnerabilities, exposed secrets, inefficient storage, SBOM generation, and CIS Benchmark checks — all in one command.
$ docker run --rm ghcr.io/peek8/conscan:latest
scan alpine:latest Features
Everything you need to secure, optimize, and validate your container images before production.
Scans OS packages and software dependencies against known vulnerabilities with detailed severity ratings.
Detects API keys, tokens, passwords, and other sensitive information accidentally embedded in images.
Produces a detailed Software Bill of Materials for visibility into all components in use.
Highlights large or unnecessary files that increase image size and identifies optimization opportunities.
Validates images against Center for Internet Security (CIS) recommendations for compliance.
Designed for seamless integration into build pipelines with multiple output formats and minimal overhead.
Under the Hood
Conscan orchestrates industry-leading security tools into a single unified workflow.
Vulnerabilities, secrets & misconfigurations
Deep vulnerability scanning
SBOM generation
Image efficiency analysis
CIS Benchmark validation
How It Works
One command runs all scanners and produces a consolidated, actionable report.
| Scanner | Function |
|---|---|
| Trivy | Vulnerability scanning & secret detection |
| Grype | OS package & dependency vulnerabilities |
| Syft | Software Bill of Materials (SBOM) |
| Dive | Image layer analysis & efficiency |
| Dockle | CIS Benchmark compliance checks |
Output Formats
Generate reports in the format that fits your workflow.
Human-readable CLI output for quick review
Machine-readable for pipeline integration
Shareable reports for teams and auditors
Quick Start
Start scanning your container images with just a few commands.
No installation required. Just run the container directly.
# Scan any container image
docker run --rm -it ghcr.io/peek8/conscan:latest scan alpine:latest Download the binary for your OS and install dependencies.
# Download and install (example for macOS ARM64)
conscan_version=0.1.0-alpha1 wget -qO- https://github.com/peek8/conscan/releases/download/v${conscan_version}/conscan_${conscan_version}_darwin_arm64.tar.gz | tar -xz -C /usr/local/bin conscan Run scans with custom options and output formats.
# Full scan with HTML report
conscan scan --format html --output report.html yourimage:tag
# Scan specific categories only
conscan scan --scanners=vuln,secret yourimage:tag Add Conscan to your GitHub Actions workflow for automated scanning.
# In your GitHub Actions workflow
- name: Scan container image run: | docker run --rm ghcr.io/peek8/conscan:latest
\ scan ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} Premium Feature
⭐ PremiumA centralised web dashboard to browse, filter, and track all your scan reports over time — across images, teams, and environments.
| Image | Scanned | Critical | High | Secrets | Status |
|---|---|---|---|---|---|
| api-gateway:v2.1.0 | 2 mins ago | 5 | 12 | 0 | Fail |
| frontend:v3.0.2 | 14 mins ago | 0 | 3 | 0 | Pass |
| worker:v1.4.1 | 1 hour ago | 7 | 19 | 2 | Fail |
| postgres:15-alpine | 3 hours ago | 0 | 6 | 0 | Review |
Premium Feature
⭐ PremiumSet threshold-based rules to automatically notify your team via Slack or email when scan results meet your defined conditions.
Supported Channels
#security, #devops Rule Triggers
The Dashboard and Smart Alert Rules are premium features not included in the open source release. Contact us to get your license and unlock these capabilities for your team.
Get a License — hello@peek8.ioJoin developers and DevOps teams who trust Conscan to keep their container workloads secure, lean, and compliant.