# External References
There are external blogs and evaluations.

## Blogs
- [the vulnerability remediation lifecycle of Alpine containers][alpine]
- [Continuous Container Vulnerability Testing with Trivy][semaphore]
- [Open Source CVE Scanner Round-Up: Clair vs Anchore vs Trivy][round-up]
- [Docker Image Security: Static Analysis Tool Comparison – Anchore Engine vs Clair vs Trivy][tool-comparison]

## Links
- [Research Spike: evaluate Trivy for scanning running containers][gitlab]
- [Istio evaluates scanners][istio]

[alpine]: https://ariadne.space/2021/06/08/the-vulnerability-remediation-lifecycle-of-alpine-containers/
[semaphore]: https://semaphoreci.com/blog/continuous-container-vulnerability-testing-with-trivy
[round-up]: https://boxboat.com/2020/04/24/image-scanning-tech-compared/
[tool-comparison]: https://www.a10o.net/devsecops/docker-image-security-static-analysis-tool-comparison-anchore-engine-vs-clair-vs-trivy/
[gitlab]: https://gitlab.com/gitlab-org/gitlab/-/issues/270888
[istio]: https://github.com/istio/release-builder/pull/687#issuecomment-874938417