# Container Image and Helm Chart CVE comparison tool

This tool scans Container images or Helm charts and compares their CVE (Common Vulnerabilities and Exposures) reports. When comparing Helm charts, the tool downloads the charts and scans every container image referenced in each chart, so the comparison covers all of a chart's images rather than the chart alone.

The tool supports two main operations:

- Single artifact scanning
- Artifact comparison
## Single artifact scanning

```shell
helmscan [--json] [--report] <artifact>
```

Examples:

```shell
# Scan a Docker image
helmscan --json --report docker.io/library/ubuntu:22.04

# Scan a Helm chart (reference format: repo/chart@version)
helmscan --report myrepo/<chart>@<version>
```
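Scanning a Helm chart depends on first enumerating every image the chart renders, including init containers and sidecars, which are easy to miss. The page does not describe how helmscan does this, so the Python below is an added example (not helmscan's own code) of one common approach: render the chart with `helm template`, pull every `image:` value out of the manifests, and normalize each reference the way Docker does, so that `nginx` and `docker.io/library/nginx:latest` are recognised as the same image and an untagged reference is surfaced as the mutable `:latest`. The manifest text is a constructed sample; the image names in it are placeholders.

```python
"""Enumerate container images in rendered Helm manifests.

Added example, not helmscan's code. Assumes the chart has already been
rendered (e.g. `helm template <release> repo/chart --version <version>`);
the YAML below is a constructed sample standing in for that output.
"""
import re

# Constructed sample of `helm template` output: a Deployment with an init
# container and a sidecar, plus a CronJob, using several reference styles.
RENDERED = """\
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  template:
    spec:
      initContainers:
        - name: migrate
          image: "myorg/migrate:1.4.0"
      containers:
        - name: web
          image: ghcr.io/myorg/web@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
        - name: proxy
          image: 'nginx'
---
apiVersion: batch/v1
kind: CronJob
spec:
  jobTemplate:
    spec:
      template:
        spec:
          containers:
            - name: job
              image: localhost:5000/tools/cleanup:v2
"""

# Matches `image:` (not imagePullPolicy:) with an optional list dash and
# optional quoting around the reference.
IMAGE_LINE = re.compile(r"""^\s*-?\s*image:\s*["']?([^"'\s#]+)""", re.MULTILINE)


def normalize_reference(ref):
    """Expand a Docker-style reference to registry/repository:tag or @digest.

    Docker reference rules: the first path component is a registry only if it
    contains '.' or ':' or is 'localhost'; a single-component repository on
    Docker Hub lives under 'library/'; no tag and no digest means ':latest'.
    """
    parts = ref.split("/", 1)
    if len(parts) == 2 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        registry, remainder = parts
    else:
        registry, remainder = "docker.io", ref
        if "/" not in remainder:
            remainder = "library/" + remainder
    if "@" not in remainder:
        # A tag is a ':' after the last '/'; an earlier ':' is a registry port.
        last = remainder.rsplit("/", 1)[-1]
        if ":" not in last:
            remainder += ":latest"
    return f"{registry}/{remainder}"


def images_in_manifests(rendered_yaml):
    """Unique, normalized image references in the order first seen."""
    seen = []
    for ref in IMAGE_LINE.findall(rendered_yaml):
        norm = normalize_reference(ref)
        if norm not in seen:
            seen.append(norm)
    return seen


if __name__ == "__main__":
    for image in images_in_manifests(RENDERED):
        print(image)
```

Normalizing before deduplicating matters for the comparison step: two charts that refer to the same image with different spellings should produce one scan, and a reference that resolves to `:latest` is worth flagging because its CVE report can change between two runs without any chart change.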
## Artifact comparison

```shell
helmscan --compare [--json] [--report] <artifact1> <artifact2>
```

Examples:

```shell
# Compare Docker images
helmscan --compare --json --report docker.io/library/ubuntu:20.04 docker.io/library/ubuntu:22.04

# Compare two versions of a Helm chart (reference format: repo/chart@version)
helmscan --compare --report myrepo/<chart>@<version1> myrepo/<chart>@<version2>
```
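A comparison comes down to a diff of the two Trivy reports. The Python below is an added example, not helmscan's own comparison code, that takes two JSON documents of the shape `trivy image --format json` emits (the shape the per-image files under `working-files/tmp/trivy_output/` would hold if they are raw Trivy output, which is an assumption), keys findings on the (CVE, package) pair, and reports what was fixed, introduced and unchanged, plus which introduced findings have no fixed version yet. It also handles a target with no `Vulnerabilities` key, which Trivy omits for a clean target. The two reports and their `CVE-0000-*` identifiers are constructed placeholders, not real findings, and the markdown layout is this example's own rather than helmscan's report format.

```python
"""Diff two Trivy JSON reports and summarise the change.

Added example, not helmscan's code. Input is assumed to be plain
`trivy image --format json` output; the two reports below are constructed
samples with placeholder CVE identifiers (CVE-0000-*), not real findings.
"""
import json
from collections import Counter

SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN"]

# Constructed sample: Trivy report shape (SchemaVersion 2) for the older image.
OLD_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "docker.io/library/ubuntu:20.04",
    "Results": [{
        "Target": "docker.io/library/ubuntu:20.04 (ubuntu 20.04)",
        "Class": "os-pkgs", "Type": "ubuntu",
        "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libssl1.1",
             "InstalledVersion": "1.1.1f-1", "FixedVersion": "1.1.1f-2", "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "bash",
             "InstalledVersion": "5.0-6", "FixedVersion": "", "Severity": "LOW"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libc6",
             "InstalledVersion": "2.31-0", "FixedVersion": "", "Severity": "LOW"},
        ],
    }],
})

# Constructed sample for the newer image; the second target has no findings.
NEW_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "docker.io/library/ubuntu:22.04",
    "Results": [
        {"Target": "docker.io/library/ubuntu:22.04 (ubuntu 22.04)",
         "Class": "os-pkgs", "Type": "ubuntu",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0002", "PkgName": "bash",
              "InstalledVersion": "5.1-6", "FixedVersion": "", "Severity": "LOW"},
             {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libssl3",
              "InstalledVersion": "3.0.2-0", "FixedVersion": "3.0.2-1", "Severity": "CRITICAL"},
             {"VulnerabilityID": "CVE-0000-0004", "PkgName": "libzstd1",
              "InstalledVersion": "1.4.8-3", "FixedVersion": "", "Severity": "MEDIUM"},
         ]},
        # Trivy omits the "Vulnerabilities" key entirely for a clean target.
        {"Target": "/usr/bin/tool", "Class": "lang-pkgs", "Type": "gobinary"},
    ],
})


def load_findings(report_json):
    """Map (CVE id, package) -> finding. Keying on the pair keeps one CVE that
    hits several packages from collapsing into a single row."""
    findings = {}
    for result in json.loads(report_json).get("Results", []):
        for v in result.get("Vulnerabilities") or []:  # key absent when clean
            findings[(v["VulnerabilityID"], v["PkgName"])] = v
    return findings


def diff_reports(old_json, new_json):
    old, new = load_findings(old_json), load_findings(new_json)
    introduced = set(new) - set(old)
    return {
        "fixed": sorted(set(old) - set(new)),
        "introduced": sorted(introduced),
        "unchanged": sorted(set(old) & set(new)),
        "new_severity": Counter(v["Severity"] for v in new.values()),
        # Introduced findings with no upstream fix need a different decision
        # (accept, mitigate, replace the package) than ones a rebuild clears.
        "introduced_unfixable": sorted(k for k in introduced if not new[k].get("FixedVersion")),
    }


def render_markdown(diff, old_name, new_name):
    """Markdown summary; layout is this example's own, not helmscan's."""
    lines = [f"# CVE comparison: {old_name} -> {new_name}", "",
             "| Status | CVE | Package |", "|---|---|---|"]
    for status in ("introduced", "fixed", "unchanged"):
        for cve, pkg in diff[status]:
            lines.append(f"| {status} | {cve} | {pkg} |")
    lines.append("")
    counts = diff["new_severity"]
    lines.append("Severity counts in new image: " + ", ".join(
        f"{s}={counts[s]}" for s in SEVERITY_ORDER if counts[s]))
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_markdown(diff_reports(OLD_REPORT, NEW_REPORT), "ubuntu:20.04", "ubuntu:22.04"))
```

Keying on (CVE, package) rather than CVE alone is the detail that matters: a CVE that was fixed in one package but still present in another would otherwise show as "unchanged" and hide a real regression in the newer image.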
## Options

- `--compare`: enable comparison mode
- `--report`: generate a report file (optional)
- `--json`: output in JSON format (optional, defaults to markdown)
## Output

Reports are automatically saved in the `working-files` directory when using `--report`:

```
working-files/
  scans/
    {scan-name}/
      scan_report.{md,json}
  tmp/
    trivy_output/
      {image}_trivy_output.json
```
## Requirements

- Trivy must be installed and accessible in your PATH
- For Helm charts, use the format `repo/chart@version`