ContextQMD
Back to Grype

Grype

README.md

0.112.06.0 KB
Original Source
<p align="center"> </p>

Grype

A vulnerability scanner for container images and filesystems.

<p align="center"> &nbsp;<a href="https://github.com/anchore/grype/actions?query=workflow%3A%22Static+Analysis+%2B+Unit+%2B+Integration%22"></a>&nbsp; &nbsp;<a href="https://github.com/anchore/grype/actions/workflows/validations.yaml"></a>&nbsp; &nbsp;<a href="https://goreportcard.com/report/github.com/anchore/grype"></a>&nbsp; &nbsp;<a href="https://github.com/anchore/grype/releases/latest"></a>&nbsp; &nbsp;<a href="https://github.com/anchore/grype"></a>&nbsp; &nbsp;<a href="https://github.com/anchore/grype/blob/main/LICENSE"></a>&nbsp; &nbsp;<a href="https://anchore.com/discourse"></a>&nbsp; &nbsp;<a rel="me" href="https://fosstodon.org/@grype"></a>&nbsp; </p>

Features

  • Scan container images, filesystems, and SBOMs for known vulnerabilities (see the docs for a full list of supported scan targets)
  • Supports major OS package ecosystems (Alpine, Debian, Ubuntu, RHEL, Oracle Linux, Amazon Linux, and more)
  • Supports language-specific packages (Ruby, Java, JavaScript, Python, .NET, Go, PHP, Rust, and more)
  • Supports Docker, OCI, and Singularity image formats
  • Threat & risk prioritization with EPSS, KEV, and risk scoring (see interpreting the results docs)
  • OpenVEX support for filtering and augmenting scan results

[!TIP] New to Grype? Check out the Getting Started guide for a walkthrough!

Installation

The quickest way to get up and going:

bash
curl -sSfL https://get.anchore.io/grype | sudo sh -s -- -b /usr/local/bin

[!TIP] See Installation docs for more ways to get Grype, including Homebrew, Docker, Chocolatey, MacPorts, and more!

The basics

Scan a container image or directory for vulnerabilities:

bash
# container image
grype alpine:latest

# directory
grype ./my-project

Scan an SBOM for even faster vulnerability detection:

bash
# scan a Syft SBOM
grype sbom:./sbom.json

# pipe an SBOM into Grype
cat ./sbom.json | grype

[!TIP] Check out the Getting Started guide to explore all of the capabilities and features.

Want to know all of the ins-and-outs of Grype? Check out the CLI docs and configuration docs.

Contributing

We encourage users to help make these tools better by submitting issues when you find a bug or want a new feature. Check out our contributing overview and developer-specific documentation if you are interested in providing code contributions.

<p xmlns:cc="http://creativecommons.org/ns#" xmlns:dct="http://purl.org/dc/terms/"> Grype development is sponsored by <a href="https://anchore.com/">Anchore</a>, and is released under the <a href="https://github.com/anchore/grype?tab=Apache-2.0-1-ov-file">Apache-2.0 License</a>. The <a property="dct:title" rel="cc:attributionURL" href="https://anchore.com/wp-content/uploads/2024/11/grype-logo.svg">Grype logo</a> by <a rel="cc:attributionURL dct:creator" property="cc:attributionName" href="https://anchore.com/">Anchore</a> is licensed under <a href="https://creativecommons.org/licenses/by/4.0/" target="_blank" rel="license noopener noreferrer" style="display:inline-block;">CC BY 4.0</a> </p>

For commercial support options with Syft or Grype, please contact Anchore.

Come talk to us!

The Grype Team holds regular community meetings online. All are welcome to join to bring topics for discussion.