vulnerability-scanning

I scan container images before they ever reach a registry promotion step. Trivy gives quick visibility into OS packages, language dependencies, and misconfiguration issues in IaC. The important part is failing only on risk that the team is prepared to