# Further Reading

## Presentations
- Aqua Security YouTube Channel
    - [Trivy - container image scanning][intro]
    - [Using Trivy in client server mode][server]
    - [Tweaking Trivy output to fit your workflow][tweaking]
    - [How does a vulnerability scanner identify packages?][identify]
- CNCF Webinar 2020
    - [Trivy Open Source Scanner for Container Images – Just Download and Run!][cncf]
- KubeCon + CloudNativeCon Europe 2020 Virtual
    - [Handling Container Vulnerabilities with Open Policy Agent - Teppei Fukuda, Aqua Security][kubecon]
  
## Blogs
- [Trivy Vulnerability Scanner Joins the Aqua Open-source Family][join]
- [Trivy Image Vulnerability Scanner Now Under Apache 2.0 License][license]
- [DevSecOps with Trivy and GitHub Actions][actions]
- [Find Image Vulnerabilities Using GitHub and Aqua Security Trivy Action][actions2]
- [Using Trivy to Discover Vulnerabilities in VS Code Projects][vscode]

## External Blogs/Links
- [the vulnerability remediation lifecycle of Alpine containers][alpine]
- [Open Source CVE Scanner Round-Up: Clair vs Anchore vs Trivy][round-up]
- [Docker Image Security: Static Analysis Tool Comparison – Anchore Engine vs Clair vs Trivy][tool-comparison]
- [Research Spike: evaluate Trivy for scanning running containers][gitlab]
- [Istio evaluates scanners][istio]

[intro]: https://www.youtube.com/watch?v=AzOBGm7XxOA
[cncf]: https://www.youtube.com/watch?v=XnYxX9uueoQ
[server]: https://www.youtube.com/watch?v=tNQ-VlahtYM
[kubecon]: https://www.youtube.com/watch?v=WKE2XNZ2zr4
[identify]: https://www.youtube.com/watch?v=PaMnzeHBa8M
[tweaking]: https://www.youtube.com/watch?v=wFIGUjcRLnU

[join]: https://blog.aquasec.com/trivy-vulnerability-scanner-joins-aqua-family
[license]: https://blog.aquasec.com/trivy-open-source-vulnerability-scanner-apache2.0-license
[actions]: https://blog.aquasec.com/devsecops-with-trivy-github-actions
[actions2]: https://blog.aquasec.com/github-vulnerability-scanner-trivy
[vscode]: https://blog.aquasec.com/trivy-open-source-vulnerability-scanner-vs-code

[alpine]: https://ariadne.space/2021/06/08/the-vulnerability-remediation-lifecycle-of-alpine-containers/
[round-up]: https://boxboat.com/2020/04/24/image-scanning-tech-compared/
[tool-comparison]: https://www.a10o.net/devsecops/docker-image-security-static-analysis-tool-comparison-anchore-engine-vs-clair-vs-trivy/
[gitlab]: https://gitlab.com/gitlab-org/gitlab/-/issues/270888
[istio]: https://github.com/istio/release-builder/pull/687#issuecomment-874938417