Security Scanning When to Use - Scanning a project directory for known vulnerabilities (CVEs) - Scanning a container image before deployment - Scanning Infrastructure-as-Code (Terraform, CloudFormation) for misconfigurations - Linting shell scripts for bugs, pitfalls, and unsafe patterns - Encrypting or decrypting secrets stored in YAML/JSON config files - Checking dependencies for known security issues Tools | Tool | Purpose | Structured output | |------|---------|-------------------| | Trivy | Vulnerability scanner for filesystems, containers, IaC | or | | ShellCheck | Static analysis and l…