Security Scanning

Scan images for vulnerabilities and keep your containers secure.

Overview

Nautilus includes built-in vulnerability scanning powered by Trivy. Scan any local image to detect CVEs across all layers.

Scanning an Image

  1. Go to Images in the sidebar
  2. Select an image
  3. Click Scan for Vulnerabilities
  4. Wait for the scan to complete (cached for faster re-scans)

Understanding Results

Vulnerabilities are classified by severity:

  • Critical - Immediate action required
  • High - Should be fixed soon
  • Medium - Fix when possible
  • Low - Minimal risk
  • Negligible - Informational

Each vulnerability shows: CVE ID, CVSS score, affected package, and fix version if available.

Best Practices

  • Scan images before deploying to production
  • Use minimal base images (Alpine, distroless)
  • Keep base images updated
  • Review and address Critical/High vulnerabilities
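
The same review can be done outside the UI, for example as a check before deploying to production. The sketch below is an added example, not part of Nautilus: it assumes a report produced by the Trivy CLI with `trivy image --format json`, and the sample report (image name, packages, CVE IDs) is constructed. It counts findings per severity and splits Critical/High findings into those with a fix version and those without.

```python
import json
from collections import Counter

# Constructed sample in the shape of Trivy's JSON report.
# Image name, packages and CVE IDs are placeholders, not real findings.
SAMPLE_REPORT = json.loads("""
{"ArtifactName": "example/app:1.0",
 "Results": [
  {"Target": "example/app:1.0 (alpine 3.18)", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
     "InstalledVersion": "1.2.0", "FixedVersion": "1.2.3", "Severity": "CRITICAL",
     "CVSS": {"nvd": {"V3Score": 9.8}, "redhat": {"V3Score": 8.1}}},
    {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
     "InstalledVersion": "2.0.0", "Severity": "HIGH",
     "CVSS": {"nvd": {"V3Score": 7.5}}},
    {"VulnerabilityID": "CVE-0000-0003", "PkgName": "tool",
     "InstalledVersion": "0.9", "FixedVersion": "1.0", "Severity": "LOW"}]},
  {"Target": "app/requirements.txt"}]}
""")

BLOCKING = {"CRITICAL", "HIGH"}  # severities that should stop a deployment

def findings(report):
    """Yield one flat record per vulnerability; clean targets omit the key."""
    for result in report.get("Results") or []:
        for v in result.get("Vulnerabilities") or []:
            scores = [s["V3Score"] for s in (v.get("CVSS") or {}).values() if "V3Score" in s]
            yield {"id": v["VulnerabilityID"], "pkg": v["PkgName"],
                   "severity": v.get("Severity", "UNKNOWN"),
                   "cvss": max(scores, default=None),  # highest score any source reports
                   "fix": v.get("FixedVersion") or None}

def triage(report):
    """Return (count per severity, blocking findings with a fix, blocking without)."""
    rows = list(findings(report))
    counts = Counter(r["severity"] for r in rows)
    blocking = [r for r in rows if r["severity"] in BLOCKING]
    return counts, [r for r in blocking if r["fix"]], [r for r in blocking if not r["fix"]]

def gate(report):
    """Exit-code style result: 1 if any Critical/High finding exists, else 0."""
    _, fixable, unfixed = triage(report)
    return 1 if fixable or unfixed else 0

if __name__ == "__main__":
    counts, fixable, unfixed = triage(SAMPLE_REPORT)
    print(dict(counts))
    for r in fixable:
        print(f"UPGRADE {r['pkg']} -> {r['fix']}  ({r['id']}, CVSS {r['cvss']})")
    for r in unfixed:
        print(f"NO FIX  {r['pkg']}  ({r['id']}, CVSS {r['cvss']})")
    raise SystemExit(gate(SAMPLE_REPORT))
```

Findings without a fix version are listed separately because upgrading the package is not an option for them; they need a base image change or an explicit risk decision.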