Install Grype on Ubuntu 20.04

Grype is a command line tool for scanning the contents of a container image or filesystem in order to find known vulnerabilities.

This tutorial explains demonstrates how to install Grype on Ubuntu 20.04.

Install Grype

Run the following command to install the latest version of Grype to /usr/local/bin directory:

wget -qO - https://raw.githubusercontent.com/anchore/grype/main/install.sh | sudo bash -s -- -b /usr/local/bin

We can check Grype version as follows:

grype version

Testing Grype

Run the grype command and specify the container image as argument:

grype ubuntu:latest

For the first time, Grype will download vulnerability database and store on local filesystem. Once the database is ready, Grype scans for vulnerabilities in the Docker image and prints results in a table.

An example of the output:

  Vulnerability DB        [updated]
  Parsed image
  Cataloged packages      [92 packages]
  Scanned image           [32 vulnerabilities]
NAME         INSTALLED                 FIXED-IN           VULNERABILITY     SEVERITY
bash         5.0-6ubuntu1.1                               CVE-2019-18276    Low
coreutils    8.30-3ubuntu2                                CVE-2016-2781     Low
libc-bin     2.31-0ubuntu9.2                              CVE-2020-6096     Low
libc-bin     2.31-0ubuntu9.2                              CVE-2021-3326     Low
libc-bin     2.31-0ubuntu9.2                              CVE-2016-10228    Negligible
...

Uninstall Grype

If you want to completely remove Grype, delete executable file:

sudo rm -rf /usr/local/bin/grype

You can also remove vulnerabilities database:

rm -rf ~/.cache/grype

Leave a Comment

Your email address will not be published.