All open source scanners are known to produce a certain amount of false positives. Meterian’s Container Scanner is specifically designed to address this flaw. It's a meta-scanner that integrates:

• three open-source scanners engines

  • Trivy

  • Grype

  • Syft

• the Meterian proprietary container scanner

• a final validation stage in the cloud

The final validation in the cloud, which is based on the Meterian curated NVD/MITRE database, minimises the occurrence of false positives. Moreover, the results from the Meterian meta-scanner include the full list of licences for each discovered component and the full upgrade path, where available. This product is fully integrated into the Meterian product line and produces the same easy-to-read reports as any project scanned (see an example here)

The Meterian Container Scanner is a separate product from the standard Meterian Client and has to be licensed separately.

Find out more on the usage in the next page.