scanning-container-images-with-grype

Featured

Scan container images for known vulnerabilities using Anchore Grype with SBOM-based matching and configurable severity thresholds.

Category: AI & Automation | 13,115 stars | 1,533 forks | Updated today | License: Apache-2.0


Quality Score: 99/100

Stars (20% weight): 100
Recency (20% weight): 100
Frontmatter (20% weight): 70
Documentation (15% weight): 100
Issue Health (10% weight): 50
License (10% weight): 100
Description (5% weight): 100

Skill Content

# Scanning Container Images with Grype

## Overview

Grype is an open-source vulnerability scanner from Anchore that inspects container images, filesystems, and SBOMs for known CVEs. It leverages Syft-generated SBOMs to match packages against multiple vulnerability databases including NVD, GitHub Advisories, and OS-specific feeds.

## When to Use

- When conducting security assessments that involve scanning container images with Grype
- When following incident response procedures for related security events
- When performing scheduled security testing or auditing activities
- When validating security controls through hands-on testing

## Prerequisites

- Docker or Podman installed
- Grype CLI installed (`curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin`)
- Syft CLI (optional, for SBOM generation)
- Network access to pull vulnerability databases

## Core Commands

### Install Grype

```bash
# Install via script
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin

# Verify installation
grype version

# Install via Homebrew (macOS/Linux)
brew install grype
```

### Scan Container Images

```bash
# Scan a Docker Hub image
grype nginx:latest

# Scan from Docker daemon
grype docker:myapp:1.0

# Scan a local archive
grype docker-archive:image.tar

# Scan an OCI directory
grype oci-dir:path/to/oci/

# Scan a Singularity image
grype sif:image.sif

# Scan a local directory / file...
```

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: today
Language: Python
License: Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

container-grype (AI & Automation, Solid; 335 stars, updated today; by aiskillstore)

Container vulnerability scanning and dependency risk assessment using Grype with CVSS severity ratings, EPSS exploit probability, and CISA KEV indicators. Use when: (1) Scanning container images and filesystems for known vulnerabilities, (2) Integrating vulnerability scanning into CI/CD pipelines with severity thresholds, (3) Analyzing SBOMs (Syft, SPDX, CycloneDX) for security risks, (4) Prioritizing remediation based on threat metrics (CVSS, EPSS, KEV), (5) Generating vulnerability reports in multiple formats (JSON, SARIF, CycloneDX) for security toolchain integration.

securing-container-registry-images (AI & Automation, Featured; 13,115 stars, updated today; by mukul975)

Securing container registry images by implementing vulnerability scanning with Trivy and Grype, enforcing image signing with Cosign and Sigstore, configuring registry access controls, and building CI/CD pipelines that prevent deploying unscanned or unsigned images.

scanning-docker-images-with-trivy (AI & Automation, Featured; 13,115 stars, updated today; by mukul975)

Trivy is a comprehensive open-source vulnerability scanner by Aqua Security that detects vulnerabilities in OS packages, language-specific dependencies, misconfigurations, secrets, and license violati

container-security-scanner (AI & Automation, Solid; 1,160 stars, updated today; by a5c-ai)

Container image and Kubernetes security scanning for CVEs, misconfigurations, and compliance.

performing-container-security-scanning-with-trivy (AI & Automation, Featured; 13,115 stars, updated today; by mukul975)

Scan container images, filesystems, and Kubernetes manifests for vulnerabilities, misconfigurations, exposed secrets, and license compliance issues using Aqua Security Trivy with SBOM generation and CI/CD integration.