Definitely! A lot of this falls under the "reachability" umbrella. It's just a little harder to say if something is actually used vs just installed. For example, in your app you could exec a script which can be harder for tools to detect with accuracy and there are just quite a few edge cases to handle
lysace|9 months ago
> Critical and high CVEs in base images dropped to near zero. Our vulnerability scanners became quieter, with fewer false positives and less noise.
Are there vulnerability scanners that attempt to look for what is actually used, instead of just what is present?
dschofie|9 months ago
unknown|9 months ago
[deleted]