grype vs opencve

grype

A vulnerability scanner for container images and filesystems (by anchore)

Source Code

Suggest alternative

Edit details

opencve

CVE Alerting Platform (by opencve)

Cve Security Vulnerabilities security-tools Nvd Python

Source Code

opencve.io

Suggest alternative

Edit details

InfluxDB - Power Real-Time Data Analytics at Scale

Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

www.influxdata.com

featured

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

featured

grype		opencve
	Project
56	Mentions	21
7,678	Stars	1,630
2.3%	Growth	2.8%
9.5	Activity	4.1
7 days ago	Latest Commit	2 days ago
Go	Language	Python
Apache License 2.0	License	GNU General Public License v3.0 or later

The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

grype

Posts with mentions or reviews of grype. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-04-25.

Introduction to the Kubernetes ecosystem
7 projects | dev.to | 25 Apr 2024

Trivy Operator : A simple and comprehensive vulnerability scanner for containers and other artifacts. It detects vulnerabilities of OS packages (Alpine, Debian, CentOS, etc.) and application dependencies (pip, npm, yarn, composer, etc.) (Alternatives : Grype, Snyk, Clair, Anchore, Twistlock)
Suas imagens de container não estão seguras!
4 projects | dev.to | 20 Mar 2024
I looked through attacks in my access logs. Here's what I found
6 projects | news.ycombinator.com | 28 Jan 2024

Besides pointing pentester tools like metasploit at yourself, there are some nice scanners out there.
https://github.com/quay/clair
https://github.com/anchore/grype/
Distroless images using melange and apko
8 projects | dev.to | 22 Dec 2023

Using Grype:
Scanning and remediating vulnerabilities with Grype
1 project | dev.to | 19 Aug 2023

In the lab to follow, we'll see how vulnerability scanning can be conveniently achieved with Grype and how various systematic techniques can be applied to start securing our microservices at the container image level.
Understanding Container Security
3 projects | dev.to | 21 Jul 2023

Scanning your container images for vulnerabilities is a good approach. But this scanning is not one time job, it should be done regularly (weekly, monthly, etc.) You need to follow vulnerability reports and fix all of the vulnerabilities as soon as possible. I recommend some open-source tools that could be useful: Trivy, Docker-Bench, Grype.
An Overview of Kubernetes Security Projects at KubeCon Europe 2023
17 projects | dev.to | 22 May 2023

Grype is another popular open source tool from Anchore. Working with SBOM files, Grype scans container images and filesystems for vulnerabilities. Grype supports different output formats for vulnerabilities and custom templates for output.
Best vulnerability scanner for DevOps
2 projects | /r/devsecops | 19 May 2023

Grype (https://github.com/anchore/grype)
Security docker app
3 projects | /r/selfhosted | 20 Apr 2023

Grype will allow you to scan a container to see if you have any vulnerable packages.
Open source container scanning tool to find vulnerabilities and suggest best practice improvements?
8 projects | /r/selfhosted | 15 Apr 2023

https://github.com/anchore/grype 5.6k stars, updated 3 days ago

opencve

Posts with mentions or reviews of opencve. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-12-07.

Auth0 increases price by 300%
7 projects | /r/webdev | 7 Dec 2023
how to stay up to date with new CVEs?
1 project | /r/cybersecurity | 25 May 2023
Where do you get your information regarding new vulnerabilities and security risks?
2 projects | /r/sysadmin | 9 May 2023
PaperCut MF/NG vulnerability
1 project | /r/sysadmin | 20 Apr 2023

Don't like someone else running it? No problem, it's open source and you can run it yourself https://github.com/opencve/opencve
Tracking vulnerabilities that your company is effected by.
1 project | /r/cybersecurity | 14 Apr 2023

I use https://www.opencve.io you can make a account and then subscribe to different products and/or vendors to get automated updates via mail if there are new vulnerabilities that affect these products
Getting informed about exploits / CVEs
1 project | /r/sysadmin | 16 Mar 2023

www.opencve.io and filter on your vendors and hw models.
CVE sources
2 projects | /r/cybersecurity | 27 Dec 2022
CVE Vulnerability Tracking
2 projects | /r/AskNetsec | 18 Nov 2022

Check out OpenCVE, I find it as an excellent tool.
zero-day exploit notifications
3 projects | /r/cybersecurity | 19 Aug 2022

https://www.opencve.io/ - Site that allows you to be emailed of new CVEs by subscribing to different products and vendors.
CVE Search
1 project | /r/cybersecurity | 24 May 2022

https://www.opencve.io/ is something to use as well.

What are some alternatives?

When comparing grype and opencve you can also consider the following projects:

trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

vulnix - Vulnerability (CVE) scanner for Nix/NixOS.

anchore-engine - A service that analyzes docker images and scans for vulnerabilities

vulnmine - Vulnmine searches for vulnerable hosts using MS SCCM host / software inventory data with NIST NVD Vulnerability feed data.

clair - Vulnerability Static Analysis for Containers

CVE-2021-37740 - PoC for DoS vulnerability CVE-2021-37740 in firmware v3.0.3 of SCN-IP100.03 and SCN-IP000.03 by MDT. The bug has been fixed in firmware v3.0.4.

syft - CLI tool and library for generating a Software Bill of Materials from container images and filesystems

openvas-scanner - This repository contains the scanner component for Greenbone Community Edition.

falco - Cloud Native Runtime Security

DependencyCheck - OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

kubescape - Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.

vulnerablecode - A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

grype vs trivy opencve vs vulnix grype vs anchore-engine opencve vs vulnmine grype vs clair opencve vs CVE-2021-37740 grype vs syft opencve vs openvas-scanner grype vs falco opencve vs DependencyCheck grype vs kubescape opencve vs vulnerablecode

Compare grype vs opencve and see what are their differences.

grype

opencve

grype

opencve

What are some alternatives?