Grype: Open-source vulnerability scanner for container images, filesystems

Grype is an open-source vulnerability scanner for container images and filesystems. It works together with Syft, a Software Bill of Materials (SBOM) generator, so an SBOM produced by Syft can be fed straight into Grype for vulnerability matching.


Grype finds vulnerabilities in packages from the major operating systems:

  • Alpine
  • Amazon Linux
  • BusyBox
  • CentOS
  • CBL-Mariner
  • Debian
  • Distroless
  • Oracle Linux
  • Red Hat (RHEL)
  • Ubuntu
  • Wolfi

Grype also finds vulnerabilities in language-specific packages:

  • Ruby (Gems)
  • Java (JAR, WAR, EAR, JPI, HPI)
  • JavaScript (NPM, Yarn)
  • Python (Egg, Wheel, Poetry, requirements.txt/setup.py files)
  • Dotnet (deps.json)
  • Golang (go.mod)
  • PHP (Composer)
  • Rust (Cargo)

Grype lets you define custom output formats using Go templates. Because a template can read information about the system it runs on, such as environment variables, only use templates from a source you trust.
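The following program is an added illustration of why that warning matters; it is not Grype's own code. It renders a constructed report (the `Report` and `Match` types are a simplified stand-in, not Grype's data model) with Go's standard `text/template`, once with a permissive function map that exposes an `env` helper (assumed here to stand in for the kind of helper a template library can provide) and once with a hermetic map that offers only string helpers. The same untrusted template copies an environment variable into the output under the first map and is rejected at parse time under the second, which is the check a defender would want before running any template they did not write.

```go
package main

import (
	"bytes"
	"fmt"
	"os"
	"strings"
	"text/template"
)

// Match is a simplified stand-in for one vulnerability finding
// (constructed for this example; not Grype's real data model).
type Match struct {
	Package  string
	Version  string
	ID       string
	Severity string
}

// Report is the data handed to the output template.
type Report struct {
	Source  string
	Matches []Match
}

// sampleReport returns constructed sample data, not real scanner output.
func sampleReport() Report {
	return Report{
		Source: "example.test/app:1.0 (constructed)",
		Matches: []Match{
			{Package: "libexample", Version: "1.2.3", ID: "EXAMPLE-0001", Severity: "High"},
			{Package: "pkg-demo", Version: "4.5", ID: "EXAMPLE-0002", Severity: "Low"},
		},
	}
}

// permissiveFuncs mimics a template function map that exposes the process
// environment, the kind of access the page warns about. Assumption: this
// stands in for a helper library's "env" function; it is not Grype's code.
func permissiveFuncs() template.FuncMap {
	return template.FuncMap{
		"upper": strings.ToUpper,
		"env":   os.Getenv,
	}
}

// hermeticFuncs offers only pure string helpers: no access to the
// environment or the filesystem, so a template cannot read them.
func hermeticFuncs() template.FuncMap {
	return template.FuncMap{
		"upper": strings.ToUpper,
	}
}

// renderReport parses tmplText with the given function map and executes it
// against the report. Parsing fails if the template calls a function the map
// does not define, which is how a hermetic map blocks "env" before execution.
func renderReport(tmplText string, funcs template.FuncMap, r Report) (string, error) {
	t, err := template.New("report").Funcs(funcs).Parse(tmplText)
	if err != nil {
		return "", fmt.Errorf("parse: %w", err)
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, r); err != nil {
		return "", fmt.Errorf("execute: %w", err)
	}
	return buf.String(), nil
}

// trustedTemplate is the kind of template you would write yourself:
// it only touches fields of the report.
const trustedTemplate = `{{ .Source }}
{{ range .Matches }}{{ .Package }} {{ .Version }} {{ .ID }} {{ upper .Severity }}
{{ end }}`

// untrustedTemplate looks like a report format but also reads a variable
// from the scanner's environment and writes it into the report.
const untrustedTemplate = `{{ .Source }} token={{ env "EXAMPLE_TOKEN" }}`

func main() {
	os.Setenv("EXAMPLE_TOKEN", "s3cret-constructed") // constructed value
	r := sampleReport()

	out, _ := renderReport(trustedTemplate, hermeticFuncs(), r)
	fmt.Print(out)

	// With the permissive map the variable silently ends up in the output.
	leaked, _ := renderReport(untrustedTemplate, permissiveFuncs(), r)
	fmt.Println(leaked)

	// With the hermetic map the same template is rejected at parse time.
	_, err := renderReport(untrustedTemplate, hermeticFuncs(), r)
	fmt.Println("hermetic:", err)
}
```

The practical takeaway is that the template text itself, not just the scanner, is input that deserves review: a template that references anything other than report fields and plain formatting helpers should be treated with suspicion, and a restricted function map turns that review into an automatic parse-time failure.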

Grype is available for free on GitHub. Currently, builds are provided only for macOS and Linux.
