Install OSV-Scanner v2 from the GitHub releases page or via `go install github.com/google/osv-scanner/v2/cmd/osv-scanner@latest` (the `/v2` path segment is required; without it, `@latest` resolves to the v1 module)
Pull or tag the container image locally so it is accessible to the Docker daemon (e.g., `docker pull myrepo/myimage:tag`)
Run the image scan with the v2 subcommand syntax: `osv-scanner scan image myrepo/myimage:tag`
Review the output table listing vulnerable packages, affected OSV IDs, severity scores, and the layer in which each package was introduced
Optionally pass `--format json` to emit structured JSON output suitable for ingestion into a CI pipeline or SIEM
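The JSON output from the last step can drive a build gate. This is an added example, not code from OSV-Scanner or from this page: it assumes the report layout `results[].packages[].groups[].max_severity`, uses constructed package names and advisory IDs, and the `findings`/`gate` helpers and the 7.0 threshold are hypothetical. Advisories without a score are blocked by default so that a missing CVSS value does not pass silently.

```python
import json

# Constructed sample shaped like `osv-scanner scan image --format json` output.
# Field names (results/packages/groups/max_severity) are an assumption about
# the report layout; package names and advisory IDs are made up.
SAMPLE = json.loads("""
{"results": [{"source": {"path": "/lib/apk/db/installed", "type": "os"},
  "packages": [
   {"package": {"name": "examplelib", "version": "1.0.0", "ecosystem": "Alpine:v3.19"},
    "groups": [{"ids": ["EXAMPLE-0001"], "max_severity": "9.8"},
               {"ids": ["EXAMPLE-0002"], "max_severity": "5.3"}]},
   {"package": {"name": "exampletool", "version": "2.1", "ecosystem": "Go"},
    "groups": [{"ids": ["EXAMPLE-0003"], "max_severity": ""}]}]}]}
""")

def findings(report):
    """Flatten the report into (package, version, ids, score) tuples."""
    out = []
    for result in report.get("results") or []:
        for pkg in result.get("packages") or []:
            info = pkg.get("package", {})
            for group in pkg.get("groups") or []:
                raw = group.get("max_severity") or ""
                try:
                    score = float(raw)
                except ValueError:
                    score = None  # advisory carries no usable CVSS score
                out.append((info.get("name"), info.get("version"),
                            tuple(group.get("ids", [])), score))
    return out

def gate(report, threshold=7.0, fail_on_unscored=True):
    """Return the findings that should fail the build."""
    blocked = []
    for name, version, ids, score in findings(report):
        if score is None:
            if fail_on_unscored:  # fail closed when severity is unknown
                blocked.append((name, version, ids, score))
        elif score >= threshold:
            blocked.append((name, version, ids, score))
    return blocked

if __name__ == "__main__":
    for name, version, ids, score in gate(SAMPLE):
        print(f"BLOCK {name}@{version} {','.join(ids)} score={score}")
```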
Known gotchas
The `--docker` / `-D` flag for image scanning was removed in OSV-Scanner v2; using it will produce an error — the correct v2 syntax is the `scan image` subcommand
OSV-Scanner v2 requires access to the local Docker daemon to export image layers; ensure the daemon is running and the image is present locally before scanning
Results reflect the OSV advisory database at scan time; re-scan after database updates or image rebuilds to catch newly published vulnerabilities