Grype Alternatives
Similar projects and alternatives to grype
-
syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
-
trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
-
anchore-engine
A service that analyzes docker images and scans for vulnerabilities
-
kube-bench
Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
-
kubescape
Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.
-
Apache Log4j 2
Apache Log4j 2 is an upgrade to Log4j that provides significant improvements over its predecessor, Log4j 1.x, and provides many of the improvements available in Logback while fixing some inherent problems in Logback's architecture.
-
lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
-
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
-
Logout4Shell
Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell
-
log4jscanner
A log4j vulnerability filesystem scanner and Go package for analyzing JAR files.
-
Grafana
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
grype reviews and mentions
-
Show HN: Xeol – An End Of Life (EOL) package scanner for container images
Hey everyone! I open-sourced a project that finds unsupported/End of Life software in container images, systems, and SBOMs.
It's based on https://github.com/anchore/grype and uses https://endoflife.date/ as a data source for EOL packages.
-
Keeping up with dependencies like a boss
I'll continue relying on Anitya for the feed and syft/grype to build my SBOM and track vulnerabilities.
-
Is this Dockerfile ready for production? Is the container automatically secure?
You could also do CVE scanning of your container in your pipeline before you push to a registry. Try Trivy https://github.com/aquasecurity/trivy or grype https://github.com/anchore/grype
-
🪄 Grype jq tricks : csv for spreadsheets 📊
Since v0.42.0, and its issue #724, it is possible to transform the analysis report with templates.
-
Jetstack Paranoia: A New Open-Source Tool for Container Image Security
I was also a bit confused and expected something like grype - https://github.com/anchore/grype
-
Implement DevSecOps to Secure your CI/CD pipeline
For example, let's see how the DevSecOps process can detect and prevent zero-day vulnerabilities like log4j. Using the Syft tool, we can generate an SBOM for our application code and pass this SBOM report to Grype, which can detect these new vulnerabilities and report to us if there is any fix or patch available. As these steps are part of our CI/CD, we can alert our developers and security team to remediate this issue as soon as it is identified.
-
🪄 Introducing jq tricks to Grype-Contribs
The aim of this repo is to summarize some resources around Grype to take the best out of this great tool.
-
📢 Grype 0.42.0 is out... and hello grype-contribs 👶
Grype recently released a very interesting version : v0.42.0, which includes a very (very) interesting feature (and resource within the issue itself) :
-
⚖️ Kafka image : wurstmeister vs. bitnami
❔ What does Unknown mean ❔ #807
-
🛡️ Is Redmine affected by CVE-2022-32209 ?
To answer if we are affected, the question can be answered within a single line of code, thanks to grype :
Stats
anchore/grype is an open source project licensed under Apache License 2.0 which is an OSI approved license.