Grype is a vulnerability scanner for container images and filesystems. It works with Syft, a powerful SBOM (software bill of materials) tool for container images and filesystems.
Specifications
- Scan the contents of a container image or filesystem to find known vulnerabilities.
- Find vulnerabilities in packages for the following major operating systems:
  - Alpine
  - Amazon Linux
  - BusyBox
  - CentOS
  - Debian
  - Distroless
  - Oracle Linux
  - Red Hat (RHEL)
  - Ubuntu
- Find vulnerabilities in language-specific packages:
  - Ruby (Gems)
  - Java (JAR, WAR, EAR, JPI, HPI)
  - JavaScript (NPM, Yarn)
  - Python (Egg, Wheel, Poetry, requirements.txt / setup.py files)
- Supports Docker and OCI image formats
Installation
Recommended (macOS and Linux)
    # install the latest version to /usr/local/bin
    curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin

    # install a specific version into a specific directory
    curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b <SOME_BIN_PATH> <RELEASE_VERSION>
Homebrew (macOS)
    brew tap anchore/grype
    brew install grype
Program configuration
- .grype.yaml
- .grype/config.yaml
- ~/.grype.yaml
- /grype/config.yaml
You can download the program from here.