Summary: Grype is an open-source vulnerability scanner that finds known vulnerabilities in container images and filesystems and integrates with Syft, a Software Bill of Materials (SBOM) generator from the same project. It covers packages from a wide range of operating systems and language ecosystems, which makes it useful to both developers and security teams.
Threat Actor: N/A | N/A
Victim: N/A | N/A
Key Points:
- Grype scans for vulnerabilities in major operating system packages such as Ubuntu, Red Hat, and Alpine.
- It also checks for vulnerabilities in language-specific packages like Ruby, Java, Python, and more.
- Users can define custom output formats with Go templates; because a template can read system information such as environment variables, only templates from trusted sources should be used.
- Grype is available for free on GitHub and is currently compatible with macOS and Linux only.
Grype is an open-source vulnerability scanner for container images and filesystems that works together with Syft, the SBOM generator from the same project: Grype can scan an image directly or take an SBOM produced by Syft as its input.
Find vulnerabilities for major operating system packages
- Alpine
- Amazon Linux
- BusyBox
- CentOS
- CBL-Mariner
- Debian
- Distroless
- Oracle Linux
- Red Hat (RHEL)
- Ubuntu
- Wolfi
Find vulnerabilities for language-specific packages
- Ruby (Gems)
- Java (JAR, WAR, EAR, JPI, HPI)
- JavaScript (NPM, Yarn)
- Python (Egg, Wheel, Poetry, requirements.txt/setup.py files)
- Dotnet (deps.json)
- Golang (go.mod)
- PHP (Composer)
- Rust (Cargo)
Grype lets you define custom output formats using Go templates (selected with -o template and a template file passed with -t). A template is not just a layout: it runs inside the scanner process and can reach system information such as environment variables, so a template from an untrusted source could copy CI tokens or credentials into the report output. Use only templates you trust and have reviewed.
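To make that warning concrete, here is an added Go example. It is not Grype's own code and makes no claim about the exact function set Grype exposes to templates; it models an engine that offers an env function (as the sprig helper library does) and renders a Grype-style match list through a trusted CSV template, then shows an untrusted template leaking a variable from the scanner's environment, and the two defences that follow from it: rendering with a function set that has no environment access, and vetting a third-party template against that allowlist before running it. The Report type, the sample matches with placeholder vulnerability IDs, the GRYPE_DEMO_SECRET variable and the function names are all constructed for the example.

```go
package main

import (
	"fmt"
	"os"
	"strings"
	"text/template"
)

// Minimal model of what an output template sees; field names follow Grype's
// JSON report (matches[].artifact.name, matches[].vulnerability.id, ...).
type Artifact struct{ Name, Version string }
type Vulnerability struct{ ID, Severity string }
type Match struct {
	Artifact      Artifact
	Vulnerability Vulnerability
}
type Report struct{ Matches []Match }

// Constructed sample report; the vulnerability IDs are placeholders, not real CVEs.
func sampleReport() Report {
	return Report{Matches: []Match{
		{Artifact{"libexample", "1.0.0"}, Vulnerability{"CVE-0000-0001", "High"}},
		{Artifact{"pyexample", "2.3.1"}, Vulnerability{"CVE-0000-0002", "Medium"}},
	}}
}

// A trusted CSV template of the kind passed to grype with -o template -t <file>.
const trustedCSVTemplate = `"Package","Version Installed","Vulnerability ID","Severity"
{{- range .Matches}}
"{{.Artifact.Name}}","{{.Artifact.Version}}","{{.Vulnerability.ID}}","{{.Vulnerability.Severity}}"
{{- end}}
`

// The kind of template the warning is about: it never touches the report and
// copies a secret from the scanner's environment into the "report" instead.
const untrustedTemplate = `{{ env "GRYPE_DEMO_SECRET" }}`

// exposedFuncs models an engine that offers templates an env function (the
// sprig helper library has one); an assumption for this demo, not Grype's list.
func exposedFuncs() template.FuncMap {
	return template.FuncMap{"env": os.Getenv, "upper": strings.ToUpper}
}

// hermeticFuncs offers only a pure string helper, so no template rendered with
// it can reach the environment, whatever it contains.
func hermeticFuncs() template.FuncMap {
	return template.FuncMap{"upper": strings.ToUpper}
}

// render parses text with the given function set and executes it over data.
func render(text string, funcs template.FuncMap, data interface{}) (string, error) {
	t, err := template.New("out").Funcs(funcs).Option("missingkey=error").Parse(text)
	if err != nil {
		return "", err
	}
	var sb strings.Builder
	if err := t.Execute(&sb, data); err != nil {
		return "", err
	}
	return sb.String(), nil
}

// vetTemplate checks a third-party template before it is ever executed: Go
// refuses to parse a call to a function that is not in the FuncMap, so parsing
// against the allowlist alone reports any call outside it by name.
func vetTemplate(text string, allowed template.FuncMap) error {
	_, err := template.New("vet").Funcs(allowed).Parse(text)
	return err
}

func main() {
	os.Setenv("GRYPE_DEMO_SECRET", "hunter2") // constructed secret for the demo
	out, _ := render(trustedCSVTemplate, hermeticFuncs(), sampleReport())
	fmt.Print(out)
	leaked, _ := render(untrustedTemplate, exposedFuncs(), sampleReport())
	fmt.Printf("untrusted template, env exposed: leaked %q\n", leaked)
	fmt.Println("untrusted template, hermetic funcs:", vetTemplate(untrustedTemplate, hermeticFuncs()))
}
```

The point of vetTemplate is that the check happens at parse time, before any field of the report is read, and the error names the offending function; in a CI pipeline that is the place to fail a job that pulls its report template from a shared repository.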
Grype is free and open source on GitHub. At the time of the article, release binaries were built only for macOS and Linux.