Grype – Best Vulnerability Scanner For Container Images & Filesystems

Grype is a vulnerability scanner for container images and filesystems. It ships as a single, easy-to-install binary and can find vulnerabilities in the packages of most major *nix-based operating systems.

Features of Grype Vulnerability Scanner For Container Images & Filesystems

Scan the contents of a container image or filesystem to find known vulnerabilities. Grype finds vulnerabilities for major operating system packages in:

  • Alpine
  • BusyBox
  • CentOS / Red Hat
  • Debian
  • Ubuntu

Find vulnerabilities for language-specific packages:

  • Ruby (Bundler)
  • Java (JARs, etc)
  • JavaScript (NPM/Yarn)
  • Python (Egg/Wheel)
  • Python (pip/requirements.txt listings)

Supports Docker and OCI image formats

Using Grype Vulnerability Scanner For Container Images & Filesystems

To scan for vulnerabilities in an image:

grype <image>

Grype can scan a variety of sources beyond images pulled through Docker:

# scan a container image archive (from the result of `docker image save …`, `podman save …`, or `skopeo copy` commands)
grype path/to/image.tar

# scan a directory
grype dir:path/to/dir

The output format for Grype is configurable as well:

grype <image> -o <format>

Where the formats available are:

  • json: Use this to get as much information out of Grype as possible!
  • cyclonedx: An XML report conforming to the CycloneDX 1.2 specification.
  • table: A columnar summary (default).
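The scan-then-gate workflow the commands above imply, as an added example that is not part of the original post or of the Grype project: run `grype <image> -o json > report.json`, then feed the report to this script, which fails the build when anything at or above a chosen severity is present. The field layout it reads (matches[].vulnerability.{id,severity,fix} and matches[].artifact.{name,version,type}) follows Grype's JSON output; the embedded report, its EXAMPLE-* identifiers and package names are constructed placeholders, not real vulnerabilities, and the gate options (fail_on, only_fixable, fail_on_unknown) are this script's own choices.

```python
"""Gate a build on a Grype JSON report.

Usage:  grype <image> -o json > report.json && python grype_gate.py report.json
With no argument the constructed SAMPLE_REPORT below is used instead.
"""
import json
import sys
from collections import Counter

# Severity strings Grype uses in vulnerability.severity, least to most severe.
# "Unknown" is deliberately absent: it is handled separately by the gate.
SEVERITY_ORDER = ["Negligible", "Low", "Medium", "High", "Critical"]
SEVERITY_RANK = {name: i for i, name in enumerate(SEVERITY_ORDER)}

# Constructed sample in the shape of `grype -o json` (only the fields this script reads).
# EXAMPLE-* identifiers and package names are placeholders, not real vulnerabilities.
SAMPLE_REPORT = json.dumps({
    "matches": [
        {"vulnerability": {"id": "EXAMPLE-0001", "severity": "Critical",
                           "fix": {"versions": ["1.2.3"], "state": "fixed"}},
         "artifact": {"name": "pkg-a", "version": "1.2.0", "type": "deb"}},
        {"vulnerability": {"id": "EXAMPLE-0002", "severity": "High",
                           "fix": {"versions": [], "state": "not-fixed"}},
         "artifact": {"name": "pkg-b", "version": "4.0.1", "type": "npm"}},
        {"vulnerability": {"id": "EXAMPLE-0003", "severity": "Medium",
                           "fix": {"versions": ["0.9.9"], "state": "fixed"}},
         "artifact": {"name": "pkg-c", "version": "0.9.0", "type": "python"}},
        {"vulnerability": {"id": "EXAMPLE-0004", "severity": "Unknown",
                           "fix": {"versions": [], "state": "unknown"}},
         "artifact": {"name": "pkg-d", "version": "2.1.0", "type": "apk"}},
    ]
})


def load_findings(report_text):
    """Flatten Grype's matches into small dicts with just the fields the gate needs."""
    report = json.loads(report_text)
    findings = []
    for match in report.get("matches", []):
        vuln = match.get("vulnerability", {})
        artifact = match.get("artifact", {})
        fix = vuln.get("fix") or {}
        findings.append({
            "id": vuln.get("id", "?"),
            "severity": vuln.get("severity", "Unknown"),
            "package": artifact.get("name", "?"),
            "version": artifact.get("version", "?"),
            "fix_state": fix.get("state", "unknown"),
            "fix_versions": fix.get("versions") or [],
        })
    return findings


def severity_counts(findings):
    """Counter of findings per severity string, for the summary line."""
    return Counter(f["severity"] for f in findings)


def gate(findings, fail_on="High", only_fixable=False, fail_on_unknown=True):
    """Return the findings that should fail the build.

    fail_on:          lowest severity that fails the build
    only_fixable:     ignore findings with no fix available (triage mode; hides real risk)
    fail_on_unknown:  treat severity "Unknown" as failing, since it cannot be shown benign
    """
    threshold = SEVERITY_RANK[fail_on]
    failing = []
    for f in findings:
        if only_fixable and f["fix_state"] != "fixed":
            continue
        sev = f["severity"]
        if sev in SEVERITY_RANK:
            if SEVERITY_RANK[sev] >= threshold:
                failing.append(f)
        elif fail_on_unknown:
            failing.append(f)
    return failing


def main(argv):
    text = open(argv[1]).read() if len(argv) > 1 else SAMPLE_REPORT
    findings = load_findings(text)
    print("findings by severity:", dict(severity_counts(findings)))
    failing = gate(findings, fail_on="High")
    # Most severe first; "Unknown" sorts last.
    for f in sorted(failing, key=lambda f: -SEVERITY_RANK.get(f["severity"], -1)):
        fix = ", ".join(f["fix_versions"]) or f["fix_state"]
        print(f'{f["id"]:16} {f["severity"]:9} {f["package"]}@{f["version"]}  fix: {fix}')
    return 1 if failing else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Grype itself has a `--fail-on <severity>` flag that covers the plain threshold case; a script like this earns its keep when you want to separate fixable from unfixable findings, refuse to pass "Unknown" severities silently, or keep the per-severity counts for reporting. Keep only_fixable off for anything that gates production images: an unfixed Critical is still a Critical.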


