...
Both Operating System packages and application libraries are scanned.
If Trivy misses anything, Snyk is scanning inttest and production.
Mitigation
If a critical security issue is found in the docker image the supplier will be notified and needs to take swift action (within 3 hours) to mitigate the issue.
...