Grype scans Docker images for known vulnerabilities.
- How to install
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sudo sh -s -- -b /usr/local/bin
- How to launch
grype docker:ubuntu
With a typical output:
$ grype registry.hub.docker.com/library/ubuntu
✔ Vulnerability DB [no update available]
✔ Loaded image
✔ Parsed image
✔ Cataloged packages [101 packages]
✔ Scanned image [17 vulnerabilities]
NAME          INSTALLED                 FIXED-IN  TYPE  VULNERABILITY   SEVERITY
coreutils     8.32-4.1ubuntu1                     deb   CVE-2016-2781   Low
libc-bin      2.35-0ubuntu3.1                     deb   CVE-2016-20013  Negligible
libc6         2.35-0ubuntu3.1                     deb   CVE-2016-20013  Negligible
libgmp10      2:6.2.1+dfsg-3ubuntu1               deb   CVE-2021-43618  Low
libncurses6   6.3-2                               deb   CVE-2022-29458  Negligible
libncursesw6  6.3-2                               deb   CVE-2022-29458  Negligible
libpcre2-8-0  10.39-3build1                       deb   CVE-2022-1586   Low
libpcre2-8-0  10.39-3build1                       deb   CVE-2022-1587   Low
libpcre3      2:8.39-13ubuntu0.22.04.1            deb   CVE-2017-11164  Negligible
libtinfo6     6.3-2                               deb   CVE-2022-29458  Negligible
login         1:4.8.1-2ubuntu2                    deb   CVE-2013-4235   Low
ncurses-base  6.3-2                               deb   CVE-2022-29458  Negligible
ncurses-bin   6.3-2                               deb   CVE-2022-29458  Negligible
passwd        1:4.8.1-2ubuntu2                    deb   CVE-2013-4235   Low
perl-base     5.34.0-3ubuntu1                     deb   CVE-2020-16156  Medium
tar           1.34+dfsg-1build3                   deb   CVE-2019-9923   Low
zlib1g        1:1.2.11.dfsg-2ubuntu9              deb   CVE-2022-37434  Medium
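
The table above repeats one CVE across several packages and leaves FIXED-IN empty, so triage is easier on the JSON report (`grype <image> -o json`). The following is an added example, not part of the original page or the Grype project: it groups matches by CVE and keeps those at or above a severity threshold. The `triage` and `_match` helpers and `SAMPLE_REPORT` are hypothetical names, and the field names assume the `matches[].artifact` / `matches[].vulnerability` layout of Grype's JSON output.

```python
import json
from collections import defaultdict

# Grype severity labels, lowest to highest.
SEVERITY_ORDER = ["Unknown", "Negligible", "Low", "Medium", "High", "Critical"]

def _match(name, version, cve, severity):
    # Empty fix.versions mirrors the empty FIXED-IN column in the table above.
    return {"artifact": {"name": name, "version": version, "type": "deb"},
            "vulnerability": {"id": cve, "severity": severity,
                              "fix": {"versions": [], "state": "not-fixed"}}}

# Constructed sample: six rows taken from the table above, reshaped into the
# assumed JSON report layout so the example runs offline.
SAMPLE_REPORT = json.dumps({"matches": [
    _match("libncurses6", "6.3-2", "CVE-2022-29458", "Negligible"),
    _match("libtinfo6", "6.3-2", "CVE-2022-29458", "Negligible"),
    _match("login", "1:4.8.1-2ubuntu2", "CVE-2013-4235", "Low"),
    _match("passwd", "1:4.8.1-2ubuntu2", "CVE-2013-4235", "Low"),
    _match("perl-base", "5.34.0-3ubuntu1", "CVE-2020-16156", "Medium"),
    _match("zlib1g", "1:1.2.11.dfsg-2ubuntu9", "CVE-2022-37434", "Medium"),
]})

def triage(report_json, min_severity="Medium"):
    """Group matches by CVE, keeping only those at or above min_severity."""
    threshold = SEVERITY_ORDER.index(min_severity)
    by_cve = defaultdict(lambda: {"severity": "Unknown", "packages": [], "fixed_in": set()})
    for m in json.loads(report_json).get("matches", []):
        vuln, art = m["vulnerability"], m["artifact"]
        sev = vuln.get("severity", "Unknown")
        if sev not in SEVERITY_ORDER:
            sev = "Unknown"  # treat unrecognised labels as the lowest rank
        if SEVERITY_ORDER.index(sev) < threshold:
            continue
        entry = by_cve[vuln["id"]]
        entry["severity"] = sev
        entry["packages"].append(f'{art["name"]} {art["version"]}')
        entry["fixed_in"].update(vuln.get("fix", {}).get("versions") or [])
    return dict(by_cve)

if __name__ == "__main__":
    for cve, e in sorted(triage(SAMPLE_REPORT, "Low").items()):
        fix = ", ".join(sorted(e["fixed_in"])) or "no fix listed"
        print(f'{cve}  {e["severity"]:<10}  {fix}:  {"; ".join(e["packages"])}')
```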