{"id":13416837,"url":"https://github.com/anchore/grype","last_synced_at":"2026-02-10T20:12:57.253Z","repository":{"id":37014463,"uuid":"267054247","full_name":"anchore/grype","owner":"anchore","description":"A vulnerability scanner for container images and filesystems","archived":false,"fork":false,"pushed_at":"2026-01-26T22:21:45.000Z","size":8657,"stargazers_count":11430,"open_issues_count":356,"forks_count":733,"subscribers_count":82,"default_branch":"main","last_synced_at":"2026-01-27T03:26:51.740Z","etag":null,"topics":["container-image","containers","cyclonedx","docker","go","golang","hacktoberfest","oci","openvex","security","static-analysis","tool","vex","vulnerabilities","vulnerability"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/anchore.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-05-26T13:44:38.000Z","updated_at":"2026-01-26T21:03:46.000Z","dependencies_parsed_at":"2023-01-17T13:16:09.296Z","dependency_job_id":"931d4836-97a1-496e-9715-bebbcdbf1b3c","html_url":"https://github.com/anchore/grype","commit_stats":{"total_commits":1452,"total_committers":100,"mean_commits":14.52,"dds":0.7644628099173554,"last_synced_commit":"ed98490e966cf215eb785395fe80b79f99e420fa"},"previous_names":[],"tags_count":193,"template":false,"template_full_name":null,"purl":"pkg:github/anchore/grype","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anchore%2Fgrype","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anchore%2Fgrype/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anchore%2Fgrype/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anchore%2Fgrype/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/anchore","download_url":"https://codeload.github.com/anchore/grype/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anchore%2Fgrype/sbom","scorecard":{"id":191520,"data":{"date":"2025-08-15T20:24:03Z","repo":{"name":"github.com/anchore/grype","commit":"42c333e00ae915be9b0d2d2967d394b9b667e8ed"},"scorecard":{"version":"v5.2.1","commit":"ab2f6e92482462fe66246d9e32f642855a691dc1"},"score":8.1,"checks":[{"name":"Code-Review","score":8,"reason":"Found 5/6 approved changesets -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#security-policy"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dangerous-workflow"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yaml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dependency-update-tool"}},{"name":"Token-Permissions","score":9,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: jobLevel 'security-events' permission set to 'write': .github/workflows/codeql-analysis.yml:22","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:23","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yaml:143","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/release.yaml:144","Info: jobLevel 'contents' permission set to 'read': .github/workflows/validate-github-actions.yaml:23","Warn: jobLevel 'security-events' permission set to 'write': .github/workflows/validate-github-actions.yaml:24","Warn: jobLevel 'actions' permission set to 'write': .github/workflows/validations.yaml:290","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/oss-project-board-add.yaml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/release.yaml:14","Warn: no topLevel permission defined: .github/workflows/remove-awaiting-response-label.yaml:1","Info: topLevel permissions set to 'read-all': .github/workflows/scorecards.yml:9","Info: topLevel 'contents' permission set to 'read': .github/workflows/update-anchore-dependencies.yml:11","Info: topLevel 'contents' permission set to 'read': .github/workflows/update-bootstrap-tools.yml:9","Info: topLevel 'contents' permission set to 'read': .github/workflows/update-quality-gate-db.yml:9","Info: topLevel 'contents' permission set to 'read': .github/workflows/validate-github-actions.yaml:16","Info: topLevel 'contents' permission set to 'read': .github/workflows/validations.yaml:11"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":9,"reason":"binaries present in source code","details":["Warn: binary detected: test/integration/test-fixtures/image-debian-match-coverage/java/example-java-app-maven-0.1.0.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":5,"reason":"badge detected: Passing","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#cii-best-practices"}},{"name":"Signed-Releases","score":8,"reason":"5 out of the last 5 releases have a total of 5 signed artifacts.","details":["Info: signed release artifact: grype_0.98.0_checksums.txt.sig: https://github.com/anchore/grype/releases/tag/v0.98.0","Info: signed release artifact: grype_0.97.2_checksums.txt.sig: https://github.com/anchore/grype/releases/tag/v0.97.2","Info: signed release artifact: grype_0.97.1_checksums.txt.sig: https://github.com/anchore/grype/releases/tag/v0.97.1","Info: signed release artifact: grype_0.97.0_checksums.txt.sig: https://github.com/anchore/grype/releases/tag/v0.97.0","Info: signed release artifact: grype_0.96.1_checksums.txt.sig: https://github.com/anchore/grype/releases/tag/v0.96.1","Warn: release artifact v0.98.0 does not have provenance: https://api.github.com/repos/anchore/grype/releases/239763536","Warn: release artifact v0.97.2 does not have provenance: https://api.github.com/repos/anchore/grype/releases/238693263","Warn: release artifact v0.97.1 does not have provenance: https://api.github.com/repos/anchore/grype/releases/236941919","Warn: release artifact v0.97.0 does not have provenance: https://api.github.com/repos/anchore/grype/releases/236383410","Warn: release artifact v0.96.1 does not have provenance: https://api.github.com/repos/anchore/grype/releases/234041533"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":7,"reason":"dependency not pinned by hash detected -- score normalized to 7","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-anchore-dependencies.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/anchore/grype/update-anchore-dependencies.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validations.yaml:168: update your workflow using https://app.stepsecurity.io/secureworkflow/anchore/grype/validations.yaml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: Dockerfile.debug:1: pin your Docker image by updating gcr.io/distroless/static-debian12:debug-nonroot to gcr.io/distroless/static-debian12:debug-nonroot@sha256:0895d6fc256a6938a60c87d92e1148eec0d36198bff9c5d3082e6a56db7756bd","Warn: containerImage not pinned by hash: Dockerfile.nonroot:1: pin your Docker image by updating gcr.io/distroless/static-debian12:nonroot to gcr.io/distroless/static-debian12:nonroot@sha256:cdf4daaf154e3e27cfffc799c16f343a384228f38646928a1513d925f473cb46","Warn: containerImage not pinned by hash: test/install/environments/Dockerfile-alpine-3.6:1: pin your Docker image by updating alpine:3.6 to alpine:3.6@sha256:66790a2b79e1ea3e1dabac43990c54aca5d1ddf268d9a5a0285e4167c8b24475","Warn: containerImage not pinned by hash: test/install/environments/Dockerfile-busybox-1.36:1","Warn: containerImage not pinned by hash: test/install/environments/Dockerfile-busybox-1.36:6: pin your Docker image by updating busybox:1.36.1-musl to busybox:1.36.1-musl@sha256:74322b4716a11835c6f413fe9ffc2608ffdb8452f51cad9514a2b804908dc16e","Warn: containerImage not pinned by hash: test/integration/test-fixtures/image-alpine-match-coverage/Dockerfile:1","Warn: containerImage not pinned by hash: test/integration/test-fixtures/image-rust-auditable-match-coverage/Dockerfile:2: pin your Docker image by updating docker.io/tofay/hello-rust-auditable:latest to docker.io/tofay/hello-rust-auditable:latest@sha256:1d35d1e007180b3f7500aae5e27560697909132ca9a6d480c4c825534c1c47a9","Warn: npmCommand not pinned by hash: .github/workflows/validations.yaml:167","Info:  29 out of  30 GitHub-owned GitHubAction dependencies pinned","Info:  20 out of  21 third-party GitHubAction dependencies pinned","Info:   5 out of  13 containerImage dependencies pinned","Info:   1 out of   1 goCommand dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":3,"reason":"SAST tool is not run on all commits -- score normalized to 3","details":["Warn: 11 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#sast"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":8,"reason":"2 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0635","Warn: Project is vulnerable to: GO-2022-0646"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#vulnerabilities"}},{"name":"CI-Tests","score":10,"reason":"30 out of 30 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#ci-tests"}},{"name":"Contributors","score":10,"reason":"project has 9 contributing companies or organizations","details":["Info: found contributions from: anchore, bold-technologies, cambia health, chainguard-dev, chainguard-images, microsoft, ptwikis, wiki-ai, wolfi-dev"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#contributors"}}]},"last_synced_at":"2025-08-16T20:47:55.105Z","repository_id":37014463,"created_at":"2025-08-16T20:47:55.105Z","updated_at":"2025-08-16T20:47:55.105Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28816349,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-27T12:25:15.069Z","status":"ssl_error","status_checked_at":"2026-01-27T12:25:05.297Z","response_time":168,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["container-image","containers","cyclonedx","docker","go","golang","hacktoberfest","oci","openvex","security","static-analysis","tool","vex","vulnerabilities","vulnerability"],"created_at":"2024-07-30T22:00:23.106Z","updated_at":"2026-01-27T16:01:15.395Z","avatar_url":"https://github.com/anchore.png","language":"Go","readme":"\u003cp align=\"center\"\u003e\n    \u003cimg alt=\"Grype logo\" src=\"https://user-images.githubusercontent.com/5199289/136855393-d0a9eef9-ccf1-4e2b-9d7c-7aad16a567e5.png\" width=\"234\"\u003e\n\u003c/p\u003e\n\n# Grype\n\n**A vulnerability scanner for container images and filesystems.**\n\n\u003cp align=\"center\"\u003e\n    \u0026nbsp;\u003ca href=\"https://github.com/anchore/grype/actions?query=workflow%3A%22Static+Analysis+%2B+Unit+%2B+Integration%22\"\u003e\u003cimg src=\"https://github.com/anchore/grype/workflows/Static%20Analysis%20+%20Unit%20+%20Integration/badge.svg\" alt=\"Static Analysis + Unit + Integration\"\u003e\u003c/a\u003e\u0026nbsp;\n    \u0026nbsp;\u003ca href=\"https://github.com/anchore/grype/actions/workflows/validations.yaml\"\u003e\u003cimg src=\"https://github.com/anchore/grype/workflows/Validations/badge.svg\" alt=\"Validations\"\u003e\u003c/a\u003e\u0026nbsp;\n    \u0026nbsp;\u003ca href=\"https://goreportcard.com/report/github.com/anchore/grype\"\u003e\u003cimg src=\"https://goreportcard.com/badge/github.com/anchore/grype\" alt=\"Go Report Card\"\u003e\u003c/a\u003e\u0026nbsp;\n    \u0026nbsp;\u003ca href=\"https://github.com/anchore/grype/releases/latest\"\u003e\u003cimg src=\"https://img.shields.io/github/release/anchore/grype.svg\" alt=\"GitHub release\"\u003e\u003c/a\u003e\u0026nbsp;\n    \u0026nbsp;\u003ca href=\"https://github.com/anchore/grype\"\u003e\u003cimg src=\"https://img.shields.io/github/go-mod/go-version/anchore/grype.svg\" alt=\"GitHub go.mod Go version\"\u003e\u003c/a\u003e\u0026nbsp;\n    \u0026nbsp;\u003ca href=\"https://github.com/anchore/grype/blob/main/LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/License-Apache%202.0-blue.svg\" alt=\"License: Apache-2.0\"\u003e\u003c/a\u003e\u0026nbsp;\n    \u0026nbsp;\u003ca href=\"https://anchore.com/discourse\"\u003e\u003cimg src=\"https://img.shields.io/badge/Discourse-Join-blue?logo=discourse\" alt=\"Join our Discourse\"\u003e\u003c/a\u003e\u0026nbsp;\n    \u0026nbsp;\u003ca rel=\"me\" href=\"https://fosstodon.org/@grype\"\u003e\u003cimg src=\"https://img.shields.io/badge/Mastodon-Follow-blue?logoColor=white\u0026logo=mastodon\" alt=\"Follow on Mastodon\"\u003e\u003c/a\u003e\u0026nbsp;\n\u003c/p\u003e\n\n![grype-demo](https://user-images.githubusercontent.com/590471/90276236-9868f300-de31-11ea-8068-4268b6b68529.gif)\n\n## Features\n\n- Scan **container images**, **filesystems**, and **SBOMs** for known vulnerabilities (see the docs for a full list of [supported scan targets](https://oss.anchore.com/docs/guides/vulnerability/scan-targets/))\n- Supports major OS package ecosystems (Alpine, Debian, Ubuntu, RHEL, Oracle Linux, Amazon Linux, and [more](https://oss.anchore.com/docs/capabilities/all-os/))\n- Supports language-specific packages (Ruby, Java, JavaScript, Python, .NET, Go, PHP, Rust, and [more](https://oss.anchore.com/docs/capabilities/all-packages/))\n- Supports Docker, OCI, and [Singularity](https://github.com/sylabs/singularity) image formats\n- Threat \u0026 risk prioritization with **EPSS**, **KEV**, and **risk scoring** (see [interpreting the results docs](https://oss.anchore.com/docs/guides/vulnerability/interpreting-results/))\n- [OpenVEX](https://github.com/openvex) support for filtering and augmenting scan results\n\n\u003e [!TIP]\n\u003e New to Grype? Check out the [Getting Started guide](https://oss.anchore.com/docs/guides/vulnerability/getting-started/) for a walkthrough!\n\n## Installation\n\nThe quickest way to get up and going:\n```bash\ncurl -sSfL https://get.anchore.io/grype | sudo sh -s -- -b /usr/local/bin\n```\n\n\u003e [!TIP]\n\u003e See [Installation docs](https://oss.anchore.com/docs/installation/grype/) for more ways to get Grype, including Homebrew, Docker, Chocolatey, MacPorts, and more!\n\n## The basics\n\nScan a container image or directory for vulnerabilities:\n\n```bash\n# container image\ngrype alpine:latest\n\n# directory\ngrype ./my-project\n```\n\nScan an SBOM for even faster vulnerability detection:\n\n```bash\n# scan a Syft SBOM\ngrype sbom:./sbom.json\n\n# pipe an SBOM into Grype\ncat ./sbom.json | grype\n```\n\n\u003e [!TIP]\n\u003e Check out the [Getting Started guide](https://oss.anchore.com/docs/guides/vulnerability/getting-started/) to explore all of the capabilities and features.\n\u003e\n\u003e Want to know all of the ins-and-outs of Grype? Check out the [CLI docs](https://oss.anchore.com/docs/reference/grype/cli/) and [configuration docs](https://oss.anchore.com/docs/reference/grype/configuration/).\n\n## Contributing\n\nWe encourage users to help make these tools better by [submitting issues](https://github.com/anchore/grype/issues) when you find a bug or want a new feature.\nCheck out our [contributing overview](https://oss.anchore.com/docs/contributing/) and [developer-specific documentation](https://oss.anchore.com/docs/contributing/grype/) if you are interested in providing code contributions.\n\n\u003cp xmlns:cc=\"http://creativecommons.org/ns#\" xmlns:dct=\"http://purl.org/dc/terms/\"\u003e\n  Grype development is sponsored by \u003ca href=\"https://anchore.com/\"\u003eAnchore\u003c/a\u003e, and is released under the \u003ca href=\"https://github.com/anchore/grype?tab=Apache-2.0-1-ov-file\"\u003eApache-2.0 License\u003c/a\u003e.\n  The \u003ca property=\"dct:title\" rel=\"cc:attributionURL\" href=\"https://anchore.com/wp-content/uploads/2024/11/grype-logo.svg\"\u003eGrype logo\u003c/a\u003e by \u003ca rel=\"cc:attributionURL dct:creator\" property=\"cc:attributionName\" href=\"https://anchore.com/\"\u003eAnchore\u003c/a\u003e is licensed under \u003ca href=\"https://creativecommons.org/licenses/by/4.0/\" target=\"_blank\" rel=\"license noopener noreferrer\" style=\"display:inline-block;\"\u003eCC BY 4.0\u003cimg style=\"height:22px!important;margin-left:3px;vertical-align:text-bottom;\" src=\"https://mirrors.creativecommons.org/presskit/icons/cc.svg\" alt=\"\"\u003e\u003cimg style=\"height:22px!important;margin-left:3px;vertical-align:text-bottom;\" src=\"https://mirrors.creativecommons.org/presskit/icons/by.svg\" alt=\"\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\nFor commercial support options with Syft or Grype, please [contact Anchore](https://get.anchore.com/contact/).\n\n## Come talk to us!\n\nThe Grype Team holds regular community meetings online. All are welcome to join to bring topics for discussion.\n- Check the [calendar](https://calendar.google.com/calendar/u/0/r?cid=Y182OTM4dGt0MjRtajI0NnNzOThiaGtnM29qNEBncm91cC5jYWxlbmRhci5nb29nbGUuY29t) for the next meeting date.\n- Add items to the [agenda](https://docs.google.com/document/d/1ZtSAa6fj2a6KRWviTn3WoJm09edvrNUp4Iz_dOjjyY8/edit?usp=sharing) (join [this group](https://groups.google.com/g/anchore-oss-community) for write access to the [agenda](https://docs.google.com/document/d/1ZtSAa6fj2a6KRWviTn3WoJm09edvrNUp4Iz_dOjjyY8/edit?usp=sharing))\n- See you there!\n","funding_links":[],"categories":["Popular","Security Scanners","Go","Containers","Container Tools","Dependency intelligence","Security","Container \u0026 Kubernetes Security","Go (531)","📋 Table of Contents","蓝队工具","Tools","Container Scanning","Container scanning","容器管理与运维 (Container Operations)","security","vulnerability","Инструменты","Repositories","Other","🔒 Security","工具：覆盖攻防全流程的实用利器","Security \u0026 Compliance","Container Operations","Container and Kubernetes Security","Software Composition Analysis (SCA)","Software Tools"],"sub_categories":["Grype","MultiCloud Governance","Vulnerability information exchange","Container Scanning","Threat modelling","Open Source Container Security","IAC(Infrastructure-as-Code)扫描","安全 (Security)","Сканеры Docker образов","Software Supply Chain Security","☸️ Kubernetes","2. 容器扫描（检测镜像/容器中的风险）","Security","Image Scanning","Firmware Supply Chain and SBOM"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanchore%2Fgrype","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fanchore%2Fgrype","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanchore%2Fgrype/lists"}