container-grype

Solid

Container vulnerability scanning and dependency risk assessment using Grype with CVSS severity ratings, EPSS exploit probability, and CISA KEV indicators. Use when: (1) Scanning container images and filesystems for known vulnerabilities, (2) Integrating vulnerability scanning into CI/CD pipelines with severity thresholds, (3) Analyzing SBOMs (Syft, SPDX, CycloneDX) for security risks, (4) Prioritizing remediation based on threat metrics (CVSS, EPSS, KEV), (5) Generating vulnerability reports in multiple formats (JSON, SARIF, CycloneDX) for security toolchain integration.

AI & Automation 335 stars 29 forks Updated today


Quality Score: 85/100

- Stars (20%): 84
- Recency (20%): 100
- Frontmatter (20%): 70
- Documentation (15%): 100
- Issue Health (10%): 80
- License (10%): 0
- Description (5%): 100

Skill Content

# Container Vulnerability Scanning with Grype

## Overview

Grype is an open-source vulnerability scanner that identifies known security flaws in container images, filesystems, and Software Bill of Materials (SBOM) documents. It analyzes operating system packages (Alpine, Ubuntu, Red Hat, Debian) and language-specific dependencies (Java, Python, JavaScript, Ruby, Go, PHP, Rust) against vulnerability databases to detect CVEs.

Grype emphasizes actionable security insights through:

- CVSS severity ratings for risk classification
- EPSS exploit probability scores for threat assessment
- CISA Known Exploited Vulnerabilities (KEV) indicators
- Multiple output formats (table, JSON, SARIF, CycloneDX) for toolchain integration

## Quick Start

Scan a container image:

```bash
grype <image-name>
```

Examples:

```bash
# Scan official Docker image
grype alpine:latest

# Scan local Docker image
grype myapp:v1.2.3

# Scan filesystem directory
grype dir:/path/to/project

# Scan SBOM file
grype sbom:/path/to/sbom.json
```

## Core Workflow

### Basic Vulnerability Scan

1. **Identify scan target**: Determine what to scan (container image, filesystem, SBOM)
2. **Run Grype scan**: Execute `grype <target>` to analyze for vulnerabilities
3. **Review findings**: Examine CVE IDs, severity, CVSS scores, affected packages
4. **Prioritize remediation**: Focus on critical/high severity, CISA KEV, high EPSS scores
5. **Apply fixes**: Update vulnerable packages or base images
6. **Re-scan**: Verify vul...
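The prioritization and CI-gating steps of the workflow above (KEV first, then EPSS, then CVSS, with a severity threshold that fails the pipeline), as an added example that is not part of this skill or of Grype itself. It assumes the field names of `grype -o json` output (`matches[].vulnerability.{id,severity,cvss,epss,knownExploited,fix}` and `matches[].artifact`) and runs on a constructed sample report with placeholder CVE ids:

```python
import json

# Severity labels as Grype reports them, ranked for threshold comparison.
SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "Negligible": 0, "Unknown": 0}

# Constructed sample shaped like `grype -o json` output (field names are an assumption
# about Grype's JSON schema; CVE ids, package names and scores are placeholders).
SAMPLE_REPORT = json.dumps({"matches": [
    {"vulnerability": {"id": "CVE-0000-0001", "severity": "High",
                       "cvss": [{"metrics": {"baseScore": 7.5}}], "epss": [{"epss": 0.91}],
                       "knownExploited": [{"cve": "CVE-0000-0001"}],
                       "fix": {"versions": ["1.2.4"], "state": "fixed"}},
     "artifact": {"name": "libexample", "version": "1.2.3", "type": "apk"}},
    {"vulnerability": {"id": "CVE-0000-0002", "severity": "Critical",
                       "cvss": [{"metrics": {"baseScore": 9.8}}], "epss": [{"epss": 0.02}],
                       "knownExploited": [], "fix": {"versions": [], "state": "not-fixed"}},
     "artifact": {"name": "pkg-b", "version": "2.0.0", "type": "deb"}},
    {"vulnerability": {"id": "CVE-0000-0003", "severity": "Medium", "cvss": [], "epss": [],
                       "knownExploited": [], "fix": {"versions": ["0.9.1"], "state": "fixed"}},
     "artifact": {"name": "pkg-c", "version": "0.9.0", "type": "npm"}},
]})


def summarize(match):
    """Flatten one Grype match into the threat metrics used for prioritization."""
    v, a = match["vulnerability"], match["artifact"]
    # A CVE may carry several CVSS vectors (v2/v3/v4, NVD/vendor); take the highest base score.
    cvss = max((c.get("metrics", {}).get("baseScore", 0.0) for c in v.get("cvss", [])), default=0.0)
    epss = max((e.get("epss", 0.0) for e in v.get("epss", [])), default=0.0)
    return {"id": v["id"], "package": f'{a["name"]}@{a["version"]}',
            "severity": v.get("severity", "Unknown"), "cvss": cvss, "epss": epss,
            "kev": bool(v.get("knownExploited")), "fix_versions": v.get("fix", {}).get("versions", [])}


def prioritize(report_json):
    """Order findings: CISA KEV first, then EPSS probability, then CVSS score, then severity label."""
    findings = [summarize(m) for m in json.loads(report_json).get("matches", [])]
    findings.sort(key=lambda f: (f["kev"], f["epss"], f["cvss"], SEVERITY_RANK.get(f["severity"], 0)),
                  reverse=True)
    return findings


def gate(findings, fail_on="High", only_fixed=False):
    """CI gate: findings at or above `fail_on`; with only_fixed, only those that have a fix version."""
    threshold = SEVERITY_RANK[fail_on]
    return [f for f in findings
            if SEVERITY_RANK.get(f["severity"], 0) >= threshold and (not only_fixed or f["fix_versions"])]


if __name__ == "__main__":
    ranked = prioritize(SAMPLE_REPORT)
    for f in ranked:
        print(f'{f["id"]:<15} {f["package"]:<20} {f["severity"]:<9} cvss={f["cvss"]:<4} '
              f'epss={f["epss"]:.2f} kev={f["kev"]} fix={f["fix_versions"] or "none"}')
    raise SystemExit(1 if gate(ranked, fail_on="High") else 0)  # non-zero exit fails the pipeline
```

Feed it a real report with `grype <image> -o json > report.json` and pass the file contents to `prioritize`; the exit status mirrors what `grype --fail-on high` does, but with the KEV/EPSS ordering visible in the log.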

Details

Author
aiskillstore
Repository
aiskillstore/marketplace
Created
5 months ago
Last Updated
today
Language
Python
License
None

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

scanning-container-images-with-grype

Scan container images for known vulnerabilities using Anchore Grype with SBOM-based matching and configurable severity thresholds.

13,115 Updated today
mukul975
AI & Automation Featured

securing-container-registry-images

Securing container registry images by implementing vulnerability scanning with Trivy and Grype, enforcing image signing with Cosign and Sigstore, configuring registry access controls, and building CI/CD pipelines that prevent deploying unscanned or unsigned images.

13,115 Updated today
mukul975
DevOps & Infrastructure Solid

sca-trivy

Software Composition Analysis (SCA) and container vulnerability scanning using Aqua Trivy for identifying CVE vulnerabilities in dependencies, container images, IaC misconfigurations, and license compliance risks. Use when: (1) Scanning container images and filesystems for vulnerabilities and misconfigurations, (2) Analyzing dependencies for known CVEs across multiple languages (Go, Python, Node.js, Java, etc.), (3) Detecting IaC security issues in Terraform, Kubernetes, Dockerfile, (4) Integrating vulnerability scanning into CI/CD pipelines with SARIF output, (5) Generating Software Bill of Materials (SBOM) in CycloneDX or SPDX format, (6) Prioritizing remediation by CVSS score and exploitability.

335 Updated today
aiskillstore
AI & Automation Solid

container-security-scanner

Container image and Kubernetes security scanning for CVEs, misconfigurations, and compliance

1,160 Updated today
a5c-ai
AI & Automation Featured

scanning-docker-images-with-trivy

Trivy is a comprehensive open-source vulnerability scanner by Aqua Security that detects vulnerabilities in OS packages, language-specific dependencies, misconfigurations, secrets, and license violati

13,115 Updated today
mukul975