Tools/anchore/grype

grype

A vulnerability scanner for container images and filesystems

12.5kemergingGoApache License 2.0

The Lens

Grype scans container images and filesystems for known vulnerabilities. Feed it an image or an SBOM from Syft, and it checks everything inside against vulnerability databases and tells you what is exploitable and how bad. Open source, free, and quick enough to run on every build.

It's a single Go binary with no setup beyond the first database pull. Run it in CI to fail a build when a critical CVE shows up, or against a running image to audit what you've deployed. It reads Syft's SBOM output directly, so the two together give you inventory plus vulnerabilities in one pipeline.

Grype and Syft are free. Anchore Enterprise is the paid platform on top, with centralized policy, historical tracking, and support for teams that need to prove compliance. Solo and small teams, the CLI in CI covers it. Larger orgs, the enterprise layer is about governance and audit trails, not better scanning.

The catch: vulnerability scanners are noisy. A fresh scan of a common base image can surface dozens of CVEs, many unfixable or irrelevant to how you use the software. The work isn't running Grype, it's triaging what it finds without drowning in low-priority noise.

Free vs Self-Hosted vs Paid

free self hosted paid cloud

Self-hosted (free): Grype under Apache-2.0, a Go binary that scans images, filesystems, or Syft SBOMs against vulnerability databases. Runs in CI to fail builds on critical findings.

Anchore Enterprise (paid): Centralized policy, historical tracking, and support for teams that need to prove compliance.

The call: The CLI covers scanning for most teams. Enterprise is about governance and audit trails, not better detection.

Free and open source. Anchore Enterprise adds central policy, history, and support.

Self-hosting ops:trivial

Get tools like this every Wednesday

One featured tool, three on the radar. No fluff.

Similar Tools

Score
65/100 · B
Adoption25/30
Maintenance10/25
Community5/20
License15/15
Analysis10/10

About

Owner
Anchore, Inc. (Organization)
Stars
12,509
Forks
820

Explore Further

More tools in the directory