Skill UI

Grype is an open-source vulnerability scanner from Anchore. It inspects container images, filesystems, and SBOMs for known CVEs. It leverages Syft-generated SBOMs to match packages against multiple vulnerability databases (NVD, GitHub Advisories). Use it for security assessments, auditing, and integrating into CI/CD pipelines to enforce vulnerability standards and manage supply chain risks.

This tool parses Software Bill of Materials (SBOM) in CycloneDX and SPDX formats. It correlates components against the NVD CVE database to identify known supply chain vulnerabilities. Key features include building dependency graphs, calculating transitive risk scores, and generating compliance reports for regulatory assessment.