docker – Running a dockerized security tool against a dockerized service

I’m looking for advice on taking several different docker containers that contain various security tools and running them against containers that have services for testing.

If I have two containers, (web app and a backend service) and various tools how would you handle best building them as needing? I’m newer to setting up something like this and building pipelines so pointing me in the right direction would be great.