Mirrors/grype
2
0
Fork 0
mirror of https://github.com/anchore/grype synced 2024-11-10 06:34:13 +00:00
Code Issues Projects Releases Packages Wiki Activity
No description
125 commits 36 branches 157 tags 14 MiB
Go 95.5%
Shell 3%
Makefile 0.8%
Python 0.3%
Dockerfile 0.2%
Other 0.1%
Find a file
Alfredo Deza 317b38336b match: add APK matcher type 
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-08-06 15:58:42 -04:00
.circleci bump circle resources 2020-07-25 19:09:19 -04:00
.github pull all commits on checkout for release to build changelog (#98) 2020-08-06 08:29:06 -04:00
cmd fix panic on top-level log (#97) 2020-08-06 08:30:22 -04:00
grype match: add APK matcher type 2020-08-06 15:58:42 -04:00
internal restore log source after etui exit 2020-08-02 18:31:00 -04:00
test Update pkg type (#87) 2020-08-05 08:18:24 -04:00
ui replace zap logger with logrus (#80) 2020-08-01 11:58:10 -04:00
.bouncer.yaml add release pipeline & replace imgbom with syft (#60) 2020-07-23 21:26:03 -04:00
.gitignore add json presenter snapshots 2020-07-23 21:43:14 -04:00
.golangci.yaml Add ETUI (#77) 2020-07-30 19:06:27 -04:00
.goreleaser.yaml add snapshot check & enable release publishing 2020-07-25 11:08:54 -04:00
go.mod add description and cvss metadata to v1 schema (#100) 2020-08-06 13:15:22 -04:00
go.sum add description and cvss metadata to v1 schema (#100) 2020-08-06 13:15:22 -04:00
LICENSE add apache v2 license 2020-06-24 14:37:36 -04:00
main.go rename to grype 2020-07-23 21:29:05 -04:00
Makefile Ignore prerelease versions on release + add DB update URL (#76) 2020-07-30 12:37:49 -04:00
README.md docs: update README with sections and DB information 2020-08-06 07:59:35 -04:00

README.md

grype

A vulnerability scanner for container images and filesystems

Getting started

Installation

Scanning Images

Scanning local paths

Developing

There are a few useful things to know before diving into the codebase. This project depends on a few things being available like a vulnerability database, which you might want to create manually instead of retrieving a released version.

Inspecting the database

The currently supported database provider is Sqlite3. Install sqlite3 in your system and ensure that the sqlite3 executable is available in your path. Ask grype about the location of the database, which will be different depending on the operating system:

$ go run main.go db status
Location:  /Users/alfredo/Library/Caches/grype/db
Built:  2020-07-31 08:18:29 +0000 UTC
Current DB Version:  1
Require DB Version:  1
Status: Valid

In this case (OSX), the database is located in the user's home directory. To verify the database filename, list that path:

$ ls -alh  /Users/alfredo/Library/Caches/grype/db
total 445392
drwxr-xr-x  4 alfredo  staff   128B Jul 31 09:27 .
drwxr-xr-x  3 alfredo  staff    96B Jul 31 09:27 ..
-rw-------  1 alfredo  staff   139B Jul 31 09:27 metadata.json
-rw-r--r--  1 alfredo  staff   217M Jul 31 09:27 vulnerability.db

Next, open the vulnerability.db with sqlite3:

$ sqlite3 /Users/alfredo/Library/Caches/grype/db/vulnerability.db

To make the reporting from Sqlite3 easier to read, enable the following:

sqlite> .mode column
sqlite> .headers on

List the tables:

sqlite> .tables
id                      vulnerability           vulnerability_metadata

In this example you retrieve a specific vulnerability from the nvd namespace:

sqlite> select * from vulnerability where (namespace="nvd" and package_name="libvncserver") limit 1;
id             record_source  package_name  namespace   version_constraint  version_format  cpes                                                         proxy_vulnerabilities
-------------  -------------  ------------  ----------  ------------------  --------------  -----------------------------------------------------------  ---------------------
CVE-2006-2450                 libvncserver  nvd         = 0.7.1             unknown         ["cpe:2.3:a:libvncserver:libvncserver:0.7.1:*:*:*:*:*:*:*"]  []