cross_validate
Scans a Docker image with both Trivy and Grype, then compares results to identify vulnerabilities unique to each engine's database for broader coverage.
Instructions
Scan a Docker image with BOTH Trivy and Grype, then compare results. Surfaces vulnerabilities found by only one engine (different databases = different coverage). This is the key differentiator — no other MCP server offers multi-engine cross-validation.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| tag | No | Image tag | |
| image | Yes | Docker image to scan with both engines | |
| timeout | No | Timeout per engine in seconds (default: 120) | |
| severity | No | Severities to compare (default: CRITICAL,HIGH,MEDIUM) |