Security analysis on ODK Docker - How?

[matentzn]

Given reports on ever more malicious public docker images I would like to do due diligence on ODK to make sure that there is zero malicious code (through packages, dependencies of packages, etc) in ODK. Is such an analysis at all possible? Is it as easy as running a command line virus scan or something inside a container?