grype

grype: A vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Works with Syft, the powerful SBOM (software bill of materials) tool for container images and filesystems.

grype-demo

Features

  • Scan the contents of a container image or filesystem to find known vulnerabilities.
  • Find vulnerabilities for major operating system packages:
    • Alpine
    • Amazon Linux
    • BusyBox
    • CentOS
    • Debian
    • Distroless
    • Oracle Linux
    • Red Hat (RHEL)
    • Ubuntu
  • Find vulnerabilities for language-specific packages:
    • Ruby (Gems)
    • Java (JAR, WAR, EAR, JPI, HPI)
    • JavaScript (NPM, Yarn)
    • Python (Egg, Wheel, Poetry, requirements.txt/setup.py files)
    • Dotnet (deps.json)
    • Golang (go.mod)
    • PHP (Composer)
    • Rust (Cargo)
  • Supports Docker, OCI and Singularity image formats.
  • Consume SBOM attestations.