Grype – Vulnerability Scanner for Container Images

Grype is a vulnerability scanner for container images and filesystems. The tool pulls a database of vulnerabilities derived from the publicly available Anchore Feed Service. This database is updated at the beginning of each scan, but an update can also be triggered manually.

Grype can scan a variety of sources beyond those found in Docker.


Some of the features of this tool are:

  • Scan the contents of a container image or filesystem to find known vulnerabilities.
  • Find vulnerabilities for major operating system packages
    • Alpine
    • BusyBox
    • CentOS / Red Hat
    • Debian
    • Ubuntu
  • Find vulnerabilities for language-specific packages
    • Ruby (Bundler)
    • Java (JARs, etc)
    • JavaScript (NPM/Yarn)
    • Python (Egg/Wheel)
    • Python pip/requirements.txt/setup.py listings
  • Supports Docker and OCI image formats

You can read more and download this tool over here: https://github.com/anchore/grype
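As an added example (not code from the Grype project or the original post), the Python below triages a JSON report such as the one `grype <image> -o json` writes: it counts findings per package type (OS versus language-specific packages) and lists those at or above a severity threshold. The report is a constructed sample with placeholder IDs and package names, and the field names used (`matches`, `vulnerability`, `artifact`, `fix`) are assumed to match the Grype version in use.

```python
import json

# Constructed sample shaped like a Grype JSON report, trimmed to the fields
# used here. IDs, package names and versions are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({
    "matches": [
        {"vulnerability": {"id": "CVE-0000-0001", "severity": "Critical",
                           "fix": {"versions": ["1.2.4"], "state": "fixed"}},
         "artifact": {"name": "examplelib", "version": "1.2.3", "type": "deb"}},
        {"vulnerability": {"id": "CVE-0000-0002", "severity": "Medium",
                           "fix": {"versions": [], "state": "not-fixed"}},
         "artifact": {"name": "examplelib", "version": "1.2.3", "type": "deb"}},
        {"vulnerability": {"id": "GHSA-xxxx-xxxx-xxxx", "severity": "High",
                           "fix": {"versions": ["4.0.1"], "state": "fixed"}},
         "artifact": {"name": "example-js", "version": "4.0.0", "type": "npm"}},
        {"vulnerability": {"id": "CVE-0000-0003", "severity": "Negligible",
                           "fix": {"versions": [], "state": "wont-fix"}},
         "artifact": {"name": "example-py", "version": "0.9", "type": "python"}},
    ]
})

SEVERITY_ORDER = ["unknown", "negligible", "low", "medium", "high", "critical"]

def rank(severity):
    """Map a severity label to a sortable rank; unrecognised labels rank lowest."""
    s = (severity or "unknown").lower()
    return SEVERITY_ORDER.index(s) if s in SEVERITY_ORDER else 0

def triage(report_json, fail_on="high"):
    """Return (blocking, by_type): findings at/above fail_on, and counts per package type."""
    threshold = rank(fail_on)
    blocking, by_type = [], {}
    for m in json.loads(report_json).get("matches", []):
        vuln, art = m.get("vulnerability", {}), m.get("artifact", {})
        pkg_type = art.get("type", "unknown")
        by_type[pkg_type] = by_type.get(pkg_type, 0) + 1
        if rank(vuln.get("severity")) >= threshold:
            fixes = vuln.get("fix", {}).get("versions") or []
            blocking.append({"id": vuln.get("id"), "type": pkg_type,
                             "package": f'{art.get("name")}@{art.get("version")}',
                             "severity": vuln.get("severity"),
                             "fixed_in": fixes[0] if fixes else None})
    # Most severe first; the sort is stable, so report order is kept within a rank.
    blocking.sort(key=lambda f: rank(f["severity"]), reverse=True)
    return blocking, by_type

if __name__ == "__main__":
    blocking, by_type = triage(SAMPLE_REPORT)
    print("findings per package type:", by_type)
    for f in blocking:
        print(f'{f["severity"]:9} {f["id"]:22} {f["package"]:18} fix: {f["fixed_in"]}')
```

A non-empty `blocking` list is the natural signal for failing a build, and `fixed_in` shows which findings can be cleared by upgrading the package.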
