Grype is a command line tool for scanning the contents of a container image or filesystem in order to find known vulnerabilities.
This tutorial demonstrates how to install Grype on Ubuntu 20.04.
Run the following command to install the latest version of Grype to
wget -qO - https://raw.githubusercontent.com/anchore/grype/main/install.sh | sudo bash -s -- -b /usr/local/bin
We can check Grype version as follows:
grype command and specify the container image as argument:
On the first run, Grype downloads the vulnerability database and stores it on the local filesystem. Once the database is ready, Grype scans the Docker image for vulnerabilities and prints the results in a table.
An example of the output:
Vulnerability DB [updated]
Parsed image
Cataloged packages [92 packages]
Scanned image [32 vulnerabilities]
NAME       INSTALLED        FIXED-IN  VULNERABILITY   SEVERITY
bash       5.0-6ubuntu1.1             CVE-2019-18276  Low
coreutils  8.30-3ubuntu2              CVE-2016-2781   Low
libc-bin   2.31-0ubuntu9.2            CVE-2020-6096   Low
libc-bin   2.31-0ubuntu9.2            CVE-2021-3326   Low
libc-bin   2.31-0ubuntu9.2            CVE-2016-10228  Negligible
...
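A report like this is easier to act on once it is summarised by severity and filtered for findings that already have a fix. The script below is an added example, not part of the original tutorial or the Grype project. It assumes the five-column table layout shown above, and the function names, the examplepkg row and its placeholder CVE id are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: triage Grype's table output. Assumes the five-column layout
# shown in this tutorial: NAME INSTALLED FIXED-IN VULNERABILITY SEVERITY.

# Constructed sample: rows from the tutorial's output, plus one made-up row
# (examplepkg, placeholder CVE id) so the FIXED-IN column is populated once.
sample_report() {
  cat <<'EOF'
NAME        INSTALLED        FIXED-IN  VULNERABILITY   SEVERITY
bash        5.0-6ubuntu1.1             CVE-2019-18276  Low
coreutils   8.30-3ubuntu2              CVE-2016-2781   Low
libc-bin    2.31-0ubuntu9.2            CVE-2020-6096   Low
libc-bin    2.31-0ubuntu9.2            CVE-2021-3326   Low
libc-bin    2.31-0ubuntu9.2            CVE-2016-10228  Negligible
examplepkg  1.0.0            1.0.1     CVE-0000-00000  High
EOF
}

# Print "<severity> <count>" per severity. FIXED-IN may be empty, so a row
# has 4 or 5 fields; severity is always the last one.
severity_counts() {
  awk '$1 == "NAME" && $NF == "SEVERITY" { in_table = 1; next }
       in_table && (NF == 4 || NF == 5) { count[$NF]++ }
       END { for (s in count) print s, count[s] }' | sort
}

# Print findings that already have a fixed version: "<cve> <pkg> <old> -> <new>".
fixable() {
  awk '$1 == "NAME" && $NF == "SEVERITY" { in_table = 1; next }
       in_table && NF == 5 { print $4, $1, $2, "->", $3 }'
}

# Print how many findings are at or above the given severity.
count_at_or_above() {
  case "$1" in
    Unknown|Negligible|Low|Medium|High|Critical) ;;
    *) echo "unknown severity: $1" >&2; return 2 ;;
  esac
  awk -v min="$1" '
    BEGIN { k = split("Unknown Negligible Low Medium High Critical", names, " ")
            for (i = 1; i <= k; i++) rank[names[i]] = i }
    $1 == "NAME" && $NF == "SEVERITY" { in_table = 1; next }
    in_table && (NF == 4 || NF == 5) && rank[$NF] >= rank[min] { hits++ }
    END { print hits + 0 }'
}

# Real use (image name is a placeholder): grype <image> | severity_counts
sample_report | severity_counts
```

Splitting rows on whitespace only works because the script counts fields to detect an empty FIXED-IN column; a fixed column index would misread every row without a fix.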
If you want to completely remove Grype, delete the executable file:
sudo rm -rf /usr/local/bin/grype
You can also remove the vulnerability database:
rm -rf ~/.cache/grype