Grype is a vulnerability scanner for container images and filesystems.
Features of Grype are-
- Scan the contents of a container image or filesystem to find known vulnerabilities.
- Find vulnerabilities for major operating system packages
- Alpine
- BusyBox
- CentOS / Red Hat
- Debian
- Ubuntu
- Find vulnerabilities for language-specific packages
- Ruby (Bundler)
- Java (JARs, etc)
- JavaScript (NPM/Yarn)
- Python (Egg/Wheel)
- Python pip/requirements.txt/setup.py listings
- Supports Docker and OCI image formats
Download Link: https://github.com/anchore/grype