Grype: Open-source vulnerability scanner for container images, filesystems

Grype is an open-source vulnerability scanner designed for container images and filesystems that seamlessly integrates with Syft, a powerful Software Bill of Materials (SBOM) tool.

Find vulnerabilities for major operating system packages

• Alpine
• Amazon Linux
• BusyBox
• CentOS
• CBL-Mariner
• Debian
• Distroless
• Oracle Linux
• Red Hat (RHEL)
• Ubuntu
• Wolfi

Find vulnerabilities for language-specific packages

• Ruby (Gems)
• Java (JAR, WAR, EAR, JPI, HPI)
• JavaScript (NPM, Yarn)
• Python (Egg, Wheel, Poetry, requirements.txt/setup.py files)
• Dotnet (deps.json)
• Golang (go.mod)
• PHP (Composer)
• Rust (Cargo)

Grype lets you define custom output formats using Go templates. Since templates can access system information, such as environment variables, you should always use trusted templates.

Grype is available for free on GitHub. Currently, the tool is built only for macOS and Linux.

Must read:

• 20 free cybersecurity tools you might have missed
• 15 open-source cybersecurity tools you’ll wish you’d known earlier
• 20 essential open-source cybersecurity tools that save you time