mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-16 12:45:17 +03:00
c21af3347e
- Add scripts/agent.py and references/api-reference.md to all remaining skills - Update all 648 LICENSE files: copyright now reads 'Mahipal' - Add implementing-security-monitoring-with-datadog (new skill with full anatomy) - All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
1.7 KiB
1.7 KiB
API Reference: Scanning Container Images with Grype
Grype CLI Commands
| Command | Description |
|---|---|
grype <image> |
Scan a container image |
grype <image> -o json |
JSON output for parsing |
grype <image> -o sarif |
SARIF output for GitHub Security |
grype <image> --fail-on critical |
Exit non-zero on severity |
grype <image> --only-fixed |
Show only fixable vulns |
grype sbom:<file> |
Scan a pre-generated SBOM |
grype dir:<path> |
Scan a local directory |
grype db status |
Check vulnerability DB status |
grype db update |
Update vulnerability database |
Input Sources
| Source | Syntax | Description |
|---|---|---|
| Registry | grype nginx:latest |
Pull from registry |
| Docker daemon | grype docker:myapp:1.0 |
Local Docker image |
| Archive | grype docker-archive:image.tar |
Saved tar archive |
| OCI dir | grype oci-dir:path/ |
OCI layout directory |
| SBOM | grype sbom:bom.json |
CycloneDX/SPDX SBOM |
| Directory | grype dir:/path/ |
Filesystem scan |
Severity Levels
| Level | CVSS Range | Action |
|---|---|---|
| Critical | 9.0 - 10.0 | Immediate remediation |
| High | 7.0 - 8.9 | Fix before deployment |
| Medium | 4.0 - 6.9 | Plan remediation |
| Low | 0.1 - 3.9 | Accept or fix later |
| Negligible | 0.0 | Informational |
Python Libraries
| Library | Version | Purpose |
|---|---|---|
subprocess |
stdlib | Execute grype CLI |
json |
stdlib | Parse JSON output |
pathlib |
stdlib | File path handling |
References
- Grype GitHub: https://github.com/anchore/grype
- Anchore Scan Action: https://github.com/anchore/scan-action
- Syft SBOM Generator: https://github.com/anchore/syft