Vulnerability scanner for container images, filesystems, and SBOMs
Apache-2.0
- Go
- Go Template
- Shell

About Grype
Grype is a command line vulnerability scanner for container images and filesystems. Point it at an image, a directory, or an existing SBOM and it reports the known vulnerabilities affecting the installed software. Scanning an existing SBOM is the fastest path, because the package inventory is already built and only the database matching remains.
It reads Docker, OCI, and Singularity image formats and covers the major OS package ecosystems alongside language-specific packages for Ruby, Java, JavaScript, Python, Go, and more. Results can be prioritized with EPSS, KEV, and risk scoring, and OpenVEX documents can be applied to the findings: a statement that a product is not affected by (or already fixed against) a vulnerability drops that match, while the remaining statements augment the report, cutting noise without hiding real exposure.
Grype is developed by Anchore and released under the Apache-2.0 license. It runs on Linux, macOS, and Windows from the published binaries, and pairs naturally with Anchore's Syft for SBOM generation.
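The OpenVEX filtering and augmentation step described above, as an added example (not Grype's or Anchore's own code). It applies a constructed OpenVEX document to a constructed, trimmed `grype -o json` report and then emulates a `--fail-on`-style severity gate. The matching rule used here (exact vulnerability name plus package purl) is an assumed simplification for illustration, not a copy of Grype's implementation; the CVE IDs and packages in the sample data are placeholders, not real advisories.

```python
"""Apply an OpenVEX document to Grype-style JSON findings, then gate on severity.

Added illustration, not Grype's own code: the report mirrors the fields of
`grype -o json` and the VEX document follows the OpenVEX spec, but the matching
rule (exact vulnerability name + product purl) is an assumed simplification."""
import json

# Constructed sample of `grype -o json`, trimmed to the fields used here.
# The CVE IDs and packages are placeholders, not real advisories.
GRYPE_REPORT_JSON = """{"matches": [
  {"vulnerability": {"id": "CVE-2024-90001", "severity": "Critical",
                     "fix": {"versions": ["7.88.1-11"], "state": "fixed"}},
   "artifact": {"name": "libcurl4", "version": "7.88.1-10", "type": "deb",
                "purl": "pkg:deb/debian/libcurl4@7.88.1-10"}},
  {"vulnerability": {"id": "CVE-2024-90002", "severity": "High",
                     "fix": {"versions": ["1.4.1"], "state": "fixed"}},
   "artifact": {"name": "example-http", "version": "1.4.0", "type": "npm",
                "purl": "pkg:npm/example-http@1.4.0"}},
  {"vulnerability": {"id": "CVE-2024-90003", "severity": "Medium",
                     "fix": {"versions": [], "state": "not-fixed"}},
   "artifact": {"name": "requests", "version": "2.31.0", "type": "python",
                "purl": "pkg:pypi/requests@2.31.0"}}
]}"""

# Constructed OpenVEX document: one suppressing and one augmenting statement.
OPENVEX_JSON = """{
  "@context": "https://openvex.dev/ns/v0.2.0",
  "@id": "https://example.invalid/vex/app-2024-01",
  "author": "Example Product Security",
  "timestamp": "2024-01-15T10:00:00Z",
  "version": 1,
  "statements": [
    {"vulnerability": {"name": "CVE-2024-90001"},
     "products": [{"@id": "pkg:deb/debian/libcurl4@7.88.1-10"}],
     "status": "not_affected",
     "justification": "vulnerable_code_not_in_execute_path"},
    {"vulnerability": {"name": "CVE-2024-90002"},
     "products": [{"@id": "pkg:npm/example-http@1.4.0"}],
     "status": "affected",
     "action_statement": "Upgrade example-http to 1.4.1 before release"}
  ]
}"""

SEVERITY_RANK = {"unknown": 0, "negligible": 0, "low": 1, "medium": 2,
                 "high": 3, "critical": 4}
SUPPRESSING = {"not_affected", "fixed"}           # statuses that drop a match
AUGMENTING = {"affected", "under_investigation"}  # statuses that annotate one


def index_statements(vex):
    """Map (vulnerability name, product purl) -> statement; later ones win."""
    idx = {}
    for stmt in vex["statements"]:
        for prod in stmt["products"]:
            idx[(stmt["vulnerability"]["name"], prod["@id"])] = stmt
    return idx


def apply_vex(report, vex):
    """Return (kept, ignored); kept matches may carry a 'vex' annotation."""
    idx = index_statements(vex)
    kept, ignored = [], []
    for match in report["matches"]:
        stmt = idx.get((match["vulnerability"]["id"], match["artifact"]["purl"]))
        if stmt is None:
            kept.append(match)
        elif stmt["status"] in SUPPRESSING:
            ignored.append({"match": match, "status": stmt["status"],
                            "justification": stmt.get("justification")})
        elif stmt["status"] in AUGMENTING:
            annotated = dict(match)
            annotated["vex"] = {"status": stmt["status"],
                                "action": stmt.get("action_statement")}
            kept.append(annotated)
        else:
            raise ValueError(f"unknown OpenVEX status {stmt['status']!r}")
    return kept, ignored


def fails_on(matches, threshold):
    """Emulate a --fail-on style gate: True if any match meets the threshold."""
    floor = SEVERITY_RANK[threshold.lower()]
    return any(SEVERITY_RANK[m["vulnerability"]["severity"].lower()] >= floor
               for m in matches)


def load_samples():
    return json.loads(GRYPE_REPORT_JSON), json.loads(OPENVEX_JSON)


if __name__ == "__main__":
    report, vex = load_samples()
    kept, ignored = apply_vex(report, vex)
    print("fail-on critical before VEX:", fails_on(report["matches"], "critical"))
    print("fail-on critical after VEX: ", fails_on(kept, "critical"))
    for item in ignored:
        print("ignored", item["match"]["vulnerability"]["id"], item["justification"])
    for m in kept:
        print("kept   ", m["vulnerability"]["id"], m.get("vex", {}).get("action"))
```

With the sample data, the critical gate fails before the VEX document is applied and passes afterwards, because the only critical match is the one the vendor statement marks not_affected; the high match stays and is annotated with the upgrade action. In Grype itself the same effect comes from passing the document with its documented `--vex` option (for example `grype sbom:./sbom.json --vex vex.openvex.json`), which moves matches covered by not_affected or fixed statements into the ignored set; the annotation of affected statements above is this example's own addition.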
Key features
- Scans container images, filesystems, and SBOMs
- Reads Docker, OCI, and Singularity image formats
- Covers OS and language-specific package ecosystems
- EPSS, KEV, and risk scoring for prioritization
- OpenVEX support to filter and augment results
Details
- First released: 2020
- Platforms: CLI · Linux · macOS · Windows
- Scans: Images · filesystems · SBOMs
- Origins: Anchore
- License: Apache-2.0
- Latest release: v0.114.0
