Last updated: April 19, 2021 | 84 views
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based operating systems.
Features of Grype Vulnerability Scanner For Container Images & Filesystems
Scan the contents of a container image or filesystem to find known vulnerabilities and find vulnerabilities for major operating system packages in:
- Alpine
- BusyBox
- CentOS / Red Hat
- Debian
- Ubuntu
Find vulnerabilities for language-specific packages:
- Ruby (Bundler)
- Java (JARs, etc)
- JavaScript (NPM/Yarn)
- Python (Egg/Wheel)
- Python pip/requirements.txt/setup.py listings
Supports Docker and OCI image formats
Using Grype Vulnerability Scanner For Container Images & Filesystems
To scan for vulnerabilities in an image:
Grype can scan a variety of sources beyond those found in Docker.
|
# scan a container image archive (from the result of `docker image save ...`, `podman save ...`, or `skopeo copy` commands) grype path/to/image.tar # scan a directory grype dir:path/to/dir |
The output format for Grype is configurable as well:
|
grype <image> -o <format> |
Where the formats available are:
- json: Use this to get as much information out of Grype as possible!
- cyclonedx: An XML report conforming to the CycloneDX 1.2 specification.
- table: A columnar summary (default).
You can download Grype here:
Or read more here.
Posted in: Security Software
Latest Posts:
Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS. April 19, 2021 - 10 Shares
APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs. March 5, 2021 - 153 Shares
GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc February 3, 2021 - 93 Shares
GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process January 1, 2021 - 140 Shares
zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile. December 7, 2020 - 207 Shares
HELK – Open Source Threat Hunting Platform
The Hunting ELK or simply the HELK is an Open-Source Threat Hunting Platform with advanced analytics capabilities such as SQL declarative language, graphing etc November 6, 2020 - 197 Shares
文章来源: https://www.darknet.org.uk/2021/04/grype-vulnerability-scanner-for-container-images-filesystems/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed
如有侵权请联系:admin#unsafe.sh