Request to share vulnerability tool used for scanning the prometheus images and also share the vulnerability report if any.

[rajani-konreddy]

I am unable to find vulnerabilities report for prometheus. So, does prometheus images are scanned for vulnerabilities.
If yes, please share the required tool details and report if any. Provided information will help me to understand the security risks.
Thanks.

[dgl]

Prometheus does not use any scanning of the images, as they generally are not useful instead the source code is scanned by tools like dependabot and dependencies are updated, due to the regular releases, users can easily get a recent version; or use the LTS releases. Prometheus has also had various external audits as mentioned at https://prometheus.io/docs/operating/security/#external-audits