II.
StackProfile JSON
Structured · livestack-profile:container-registry-scanning
Container Registry & Scanning (Docker, Trivy, Kubernetes, Go, Snyk) json
Inspect the normalized record payload exactly as the atlas UI reads it.
{
"id": "stack-profile:container-registry-scanning",
"_kind": "StackProfile",
"_file": "domain/stack-profiles/deep-stacks-5.yaml",
"_cluster": "domain",
"attributes": {
"displayName": "Container Registry & Scanning (Docker, Trivy, Kubernetes, Go, Snyk)",
"description": "A container image lifecycle platform centered on building, scanning, and\ndistributing OCI images. Docker builds multi-stage images while Trivy and\nSnyk perform vulnerability scanning at both build-time and runtime.\nKubernetes admission controllers reject images that fail policy checks\nbefore pods are scheduled. Custom Go tooling integrates with CI pipelines\nto generate SBOMs and enforce base-image freshness policies. Ideal for\nsecurity-conscious organizations that need full supply-chain visibility\nfrom Dockerfile to production pod. The tradeoff is scan latency in CI\nand the operational burden of maintaining allowlists for known CVEs.\n",
"composes": [
"tool:docker",
"tool:trivy",
"tool:kubernetes",
"language:go",
"tool:snyk",
"tool:github-actions",
"tool:opa",
"tool:checkov"
]
},
"outgoingEdges": [
{
"from": "stack-profile:container-registry-scanning",
"to": "tool:docker",
"kind": "composed_of"
},
{
"from": "stack-profile:container-registry-scanning",
"to": "tool:trivy",
"kind": "composed_of"
},
{
"from": "stack-profile:container-registry-scanning",
"to": "tool:kubernetes",
"kind": "composed_of"
},
{
"from": "stack-profile:container-registry-scanning",
"to": "language:go",
"kind": "composed_of"
},
{
"from": "stack-profile:container-registry-scanning",
"to": "tool:snyk",
"kind": "composed_of"
},
{
"from": "stack-profile:container-registry-scanning",
"to": "tool:github-actions",
"kind": "composed_of"
},
{
"from": "stack-profile:container-registry-scanning",
"to": "tool:opa",
"kind": "composed_of"
},
{
"from": "stack-profile:container-registry-scanning",
"to": "tool:checkov",
"kind": "composed_of"
},
{
"from": "stack-profile:container-registry-scanning",
"to": "role:security-engineer",
"kind": "used_by_role"
},
{
"from": "stack-profile:container-registry-scanning",
"to": "role:devops-engineer",
"kind": "used_by_role"
},
{
"from": "stack-profile:container-registry-scanning",
"to": "role:platform-engineer",
"kind": "used_by_role"
},
{
"from": "stack-profile:container-registry-scanning",
"to": "workflow:container-image-hardening",
"kind": "follows_workflow"
},
{
"from": "stack-profile:container-registry-scanning",
"to": "workflow:supply-chain-attack-simulation",
"kind": "follows_workflow"
},
{
"from": "stack-profile:container-registry-scanning",
"to": "domain:cybersecurity",
"kind": "applies_to"
},
{
"from": "stack-profile:container-registry-scanning",
"to": "domain:devops",
"kind": "applies_to"
},
{
"from": "stack-profile:container-registry-scanning",
"to": "skill-area:container-security",
"kind": "requires_skill_area"
},
{
"from": "stack-profile:container-registry-scanning",
"to": "skill-area:vulnerability-scanning",
"kind": "requires_skill_area"
},
{
"from": "stack-profile:container-registry-scanning",
"to": "skill-area:supply-chain-security",
"kind": "requires_skill_area"
},
{
"from": "stack-profile:container-registry-scanning",
"to": "skill-area:containerization",
"kind": "requires_skill_area"
},
{
"from": "stack-profile:container-registry-scanning",
"to": "skill-area:ci-security",
"kind": "requires_skill_area"
}
],
"incomingEdges": []
}