Vulnerability Scanning

Learn how to scan container images, filesystems, and SBOMs for known software vulnerabilities.

Vulnerability scanning is the automated process of proactively identifying known vulnerabilities and security weaknesses in software and systems. It matters because it lets developers and organizations find and fix potential security holes before malicious actors discover and exploit them, protecting data and maintaining system integrity.

Grype is an open-source vulnerability scanner designed to analyze container images, filesystems, and SBOMs. It works by comparing the software components it finds against a database of known vulnerabilities and producing a report of potential risks so they can be addressed.


Getting Started

Use Grype to scan your container images, directories, or archives for known vulnerabilities.

Supported Scan Targets

Explore the different scan targets Grype supports, including container images, directories, SBOMs, and individual packages.

Supported package ecosystems

Learn how Grype selects vulnerability data for different package types and what level of accuracy to expect.

Understanding Grype results

Learn how to read and interpret Grype’s vulnerability scan output, including match types, confidence levels, and result reliability.

Working with JSON

Learn how to work with Grype’s native JSON format.

Filter scan results

Control which vulnerabilities Grype reports using filtering flags, configuration rules, and VEX documents.

Vulnerability Database

Using the Grype Vulnerability Database.

Last modified November 26, 2025: allow local too invocation (d20d613)