grype
grype is a vulnerability scanner for container images and filesystems.[1]
- Project Homepage [EN]
- grype [EN] @ Homebrew Formula
Syntax
grype [IMAGE] [PARAMETER ...]
Parameters
- --only-fixed
  Ignore matches for vulnerabilities that are not fixed.
- --only-notfixed
  Ignore matches for vulnerabilities that are fixed.
- -o FORMAT, --output FORMAT
  Report output formatter, FORMATs=[json table cyclonedx cyclonedx-json sarif template].
- --platform PLATFORM
  An optional PLATFORM specifier for container image sources (e.g. linux/arm64, linux/arm64/v8, arm64, linux).
- -q, --quiet
  Suppress all logging output.
- -s SCOPE, --scope SCOPE
  Selection of layers to analyze, options=[Squashed AllLayers] (default Squashed).
- -v, --verbose
  Increase verbosity (-v = info, -vv = debug).
Examples
- Scan all layers of the Traefik container image
grype 'traefik:v2.10' --scope 'AllLayers'
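The following added example (not from the grype project or the original page) post-processes a report saved with `-o json` to show which matches `--only-fixed` and `--only-notfixed` each keep, and turns the fixable ones into an upgrade list. The field names (`matches`, `vulnerability.fix.state`, `artifact`) are assumed from grype's JSON report format, which this page does not describe; the sample report, package names and CVE ids are constructed placeholders.

```python
from collections import Counter

# Constructed sample shaped like `grype IMAGE -o json` output, trimmed to the
# fields used below. Package names and CVE ids are placeholders.
def _match(vuln_id, severity, state, versions, pkg, pkg_version):
    return {
        "vulnerability": {"id": vuln_id, "severity": severity,
                          "fix": {"state": state, "versions": versions}},
        "artifact": {"name": pkg, "version": pkg_version},
    }

SAMPLE_REPORT = {"matches": [
    _match("CVE-0000-0001", "Critical", "fixed", ["1.2.4"], "libexample", "1.2.3"),
    _match("CVE-0000-0002", "High", "not-fixed", [], "libexample", "1.2.3"),
    _match("CVE-0000-0003", "Medium", "wont-fix", [], "exampled", "0.9"),
    _match("CVE-0000-0004", "Low", "fixed", ["2.0.1"], "extool", "2.0.0"),
    _match("CVE-0000-0005", "High", "unknown", [], "extool", "2.0.0"),
]}

def fix_state(match):
    # A missing fix block is treated as "unknown" (assumption for robustness).
    return (match["vulnerability"].get("fix") or {}).get("state", "unknown")

def only_fixed(report):
    """Matches that --only-fixed would keep: a fixed version exists."""
    return [m for m in report["matches"] if fix_state(m) == "fixed"]

def only_notfixed(report):
    """Matches that --only-notfixed would keep: everything not yet fixed."""
    return [m for m in report["matches"] if fix_state(m) != "fixed"]

def upgrade_plan(report):
    """Map 'package version' -> sorted list of (CVE id, fixed-in versions)."""
    plan = {}
    for m in only_fixed(report):
        art, vuln = m["artifact"], m["vulnerability"]
        key = f'{art["name"]} {art["version"]}'
        plan.setdefault(key, []).append((vuln["id"], vuln["fix"]["versions"]))
    return {k: sorted(v) for k, v in plan.items()}

def severity_counts(matches):
    """Count matches per severity label, e.g. for the not-yet-fixed backlog."""
    return Counter(m["vulnerability"]["severity"] for m in matches)

if __name__ == "__main__":
    print("actionable now:", upgrade_plan(SAMPLE_REPORT))
    print("no fix yet:", dict(severity_counts(only_notfixed(SAMPLE_REPORT))))
```

The two filters partition the report: every match lands in exactly one of them, so the fixable set drives patching while the remainder is tracked as accepted or pending risk.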
References
- [1] Repository contributors. "grype." GitHub. https://github.com/anchore/grype (accessed 02.07.2023)