Do we have a solution for scanning the images built on containerized build agents in Jenkins Master?
We have a CJOC where all the build agents are ephemeral & dockerized.
We run all the builds on these Docker containers, whose base image is Amazon Linux.
We use a Kaniko pipeline to build new dockerless Docker images on these containerized build agents.
I want to scan the images built by the Kaniko pipeline for vulnerabilities before I push them to Amazon ECR.
We use Snyk for local builds and have also tried the Snyk plugin for Jenkins, but it requires a Docker daemon installed on a static VM (a static VM, which we don't use).
I have tried the Docker-in-Docker solution provided in the CloudBees docs, but that's not feasible in a production environment since we have to give root privileges to the running container.
Any other solutions you can think of?
If you do have an idea to fix this, email me: mayank.sinha@salesforce.com
P.S. I have used GitHub Actions and it scans the images in a jiffy. I hope we can do the same in CloudBees Jenkins.