Grype
Vulnerability scanner for container images and filesystems using Anchore’s vulnerability DB and Syft SBOM input.
Why it is included
Lightweight open path from SBOM to CVE list for CI and air-gapped workflows.
Best for
Pipelines already generating Syft SBOMs or needing fast image scans.
Strengths
- Syft integration
- Simple CLI
- Multiple DB sources
Limitations
- Policy features may trail full enterprise suites
Good alternatives
Trivy · Clair
Related tools (all in the Security & Privacy category)
- Syft: CLI and library for generating SBOMs (SPDX, CycloneDX) from images, directories, and archives.
- Trivy: All-in-one scanner for container images, IaC, Kubernetes manifests, SBOMs, and VM OS packages with CI integrations.
- Dependency-Track: Continuous SBOM analysis platform tracking component vulnerabilities, policies, and audit trails for supply chain risk.
- Clair: Static analysis engine for container images: layer indexing and vulnerability matching against NVD and distro feeds.
- Falco: Cloud-native runtime security for Linux/Kubernetes: syscall and K8s audit rules with Falcoctl and ecosystem outputs.
- Tracee: Linux runtime security using eBPF to trace OS and container events with prebuilt signatures and pipeline exports.
