Vulnerability Scanning

Learn how to scan container images, filesystems, and SBOMs for known software vulnerabilities.
Tags:

Vulnerability scanning is the automated process of proactively identifying security weaknesses and known exploits within software and systems. This is crucial because it helps developers and organizations find and fix potential security holes before malicious actors can discover and exploit them, thus protecting data and maintaining system integrity.

Grype is an open-source vulnerability scanner specifically designed to analyze container images and filesystems. It works by comparing the software components it finds against a database of known vulnerabilities, providing a report of potential risks so they can be addressed.

Getting Started

Vulnerability Scanning Getting Started

Vulnerability Database

Using the Grype Vulnerability Database

Data sources

Learn about the vulnerability data sources Grype uses for matching

Database Publishing

Publishing the Grype Vulnerability Database

Last modified October 10, 2025: fix reference links (1594d93)