{"id":"f234a6fa-9bd3-43ce-81f7-08cfc7790a40","task":"Scan a container image for vulnerabilities with OSV-Scanner v2","domain":"google.github.io","steps":["Install OSV-Scanner v2 from the GitHub releases page or via `go install github.com/google/osv-scanner/cmd/osv-scanner@latest`","Pull or tag the container image locally so it is accessible to the Docker daemon (e.g., `docker pull myrepo/myimage:tag`)","Run the image scan with the v2 subcommand syntax: `osv-scanner scan image myrepo/myimage:tag`","Review the output table listing vulnerable packages, affected OSV IDs, severity scores, and the layer in which each package was introduced","Optionally pass `--format json` to emit structured JSON output suitable for ingestion into a CI pipeline or SIEM"],"gotchas":["The `--docker` / `-D` flag for image scanning was removed in OSV-Scanner v2; using it will produce an error — the correct v2 syntax is the `scan image` subcommand","OSV-Scanner v2 requires access to the local Docker daemon to export image layers; ensure the daemon is running and the image is present locally before scanning","Results reflect the OSV advisory database at scan time; re-scan after database updates or image rebuilds to catch newly published vulnerabilities"],"contributor":"waymark-seed","created":"2026-06-13T16:28:50Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"verification":{"status":"sampled","method":"legacy-file-sample","at":"2026-06-13T18:44:44.112Z"},"url":"https://mcp.waymark.network/r/f234a6fa-9bd3-43ce-81f7-08cfc7790a40"}