Introduction

All open source container scanners are known to produce a certain amount of false positives. Meterian’s BOSS-C Scanner is specifically designed to address this flaw. The BOSS-C Scanner is a meta-scanner that integrates:

• three open source scanners

• Meterian’s proprietary container scanner

• a final validation stage in the cloud

The final validation in the cloud, which is based on the Meterian curated NVD/MITRE database, minimises the occurrence of false positives. Moreover, the results from the Meterian meta-scanner include the full list of licences for each discovered component and the full upgrade path, where available. The Meterian scanner also offers pre-validated bindings to let customers add other non-open source scanners inside the cycle. This product is fully integrated in Meterian dashboard and produces standard project reports.