Grype is a command-line security scanner designed to identify known vulnerabilities within container images, filesystems, and software manifests. It functions as a software composition analysis tool that detects security flaws in application components and open-source libraries to support supply chain security.
The tool distinguishes itself by reconstructing the final state of container images through layered filesystem inspection and normalizing diverse package formats into a unified dependency graph. It maintains a local cache of security advisories synchronized from multiple upstream sources, allowing for consistent vulnerability matching and offline scanning capabilities.
The scanner supports automated security workflows by generating structured vulnerability reports in formats such as JSON and CycloneDX. These outputs facilitate integration with external security pipelines, visualization dashboards, and automated oversight systems for tracking and remediating risks across software infrastructure.
