Grype is a vulnerability scanner for container images and filesystems.

To update or switch versions, run webi grype@stable (or @v0.6, @beta, etc)



Cheat Sheet

It also helps find vulnerabilities for major operating system and language-specific packages. Supports Docker, OCI and Singularity image formats, OpenVEX support for filtering and augmenting scanning results. Works with syft, a powerful SBOM (software bill of materials) tool for container images and file systems

How to for vulnerabilities in an image

grype <image>

How to scan all image layers

grype <image> --scope all-layers

How to scan a running container

docker run --rm \
    --volume /var/run/docker.sock:/var/run/docker.sock \
    --name Grype anchore/grype:latest \


Report an Issue Submit Installer Star on GitHub