Grype
github.com
1
Leaving SiteNav
External Link Disclaimer
You are about to visit github.com. This website is not operated by us. We are not responsible for its content or privacy practices.
About this website
Grype is a fast, accurate vulnerability scanner for container images, filesystems, and SBOMs (Software Bill of Materials), developed by Anchore Inc. Written in Go with over 8,800 stars as of 2026, Grype identifies known vulnerabilities (CVEs) in application dependencies and OS packages by matching them against an embedded vulnerability database that is synced from multiple sources including the National Vulnerability Database (NVD), GitHub Security Advisories, Alpine SecDB, Debian Security Tracker, OSV, and direct vendor advisories. Scanning targets include: container images (from Docker daemon, OCI layout, registry, or tar archive), filesystems (local directories), and SBOMs (CycloneDX JSON/XML, SPDX tag-value/JSON, and Syft JSON format). The vulnerability database covers: OS packages (Alpine, Amazon Linux, Debian, Ubuntu, RHEL/CentOS, SUSE, Oracle Linux, Wolfi, Chainguard), language ecosystems (Python/PyPI, Node.js/npm, Ruby/Gems, Java/Maven, Go modules, .NET/NuGet, Rust/Cargo, PHP/Composer), and application-specific vulnerability data. Key features include: match-by-exact-version and match-by-version-range strategies, fixed-in version reporting (showing the minimum safe version), severity filtering (negligible, low, medium, high, critical), ignore rules (YAML-based suppression with expiration dates), output formats (table, JSON, cyclonedx, sarif, template-based), DB update management with configurable polling intervals, air-gap/offline mode via pre-bundled DB, and SBOM-to-vulnerability pipeline integration with Syft (Grype's companion SBOM generation tool). Grype integrates with GitHub Actions, GitLab CI, and Jenkins.
Tags & Categories
Categories
Tags
Statistics
1
Views
0
Clicks
0
Like
0
Dislike