Recently we descovered a CVE within one of our development images. Therfore we wanted to not happen this again. So we got going with docker security scanning. Quick we found Clair by CoreOS wich seams to be reasonable for our purposes.
In regular intervals, Clair ingests vulnerability metadata from a configured set of sources and stores it in the database.