Image Overview: grype
Overview: grype Chainguard Image
A vulnerability scanner for container images and filesystems
Get It!
The image is available on cgr.dev:
docker pull cgr.dev/chainguard/grype:latest
Image Variants
Our latest tag uses the most recent build of the Wolfi grype package. The following tagged variant is available without authentication:
latest: This is an image for runninggrypecommands. It does not include a shell or other applications.
grype help
This will automatically pull the image to your local system and execute the command grype help:
docker run --rm cgr.dev/chainguard/grype help
A vulnerability scanner for container images, filesystems, and SBOMs.
Supports the following image sources:
grype yourrepo/yourimage:tag defaults to using images from a Docker daemon
grype path/to/yourproject a Docker tar, OCI tar, OCI directory, SIF container, or generic filesystem directory
You can also explicitly specify the scheme to use:
grype podman:yourrepo/yourimage:tag explicitly use the Podman daemon
grype docker:yourrepo/yourimage:tag explicitly use the Docker daemon
grype docker-archive:path/to/yourimage.tar use a tarball from disk for archives created from "docker save"
grype oci-archive:path/to/yourimage.tar use a tarball from disk for OCI archives (from Podman or otherwise)
grype oci-dir:path/to/yourimage read directly from a path on disk for OCI layout directories (from Skopeo or otherwise)
grype singularity:path/to/yourimage.sif read directly from a Singularity Image Format (SIF) container on disk
grype dir:path/to/yourproject read directly from a path on disk (any directory)
grype sbom:path/to/syft.json read Syft JSON from path on disk
grype registry:yourrepo/yourimage:tag pull image directly from a registry (no container runtime required)
grype purl:path/to/purl/file read a newline separated file of purls from a path on disk
You can also pipe in Syft JSON directly:
syft yourimage:tag -o json | grype
Usage:
grype [command]
Last updated: 2022-11-01 11:07