Files
Anthropic-Cybersecurity-Skills/skills/scanning-container-images-with-grype/references/api-reference.md
T
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

51 lines
1.7 KiB
Markdown

# API Reference: Scanning Container Images with Grype
## Grype CLI Commands
| Command | Description |
|---------|-------------|
| `grype <image>` | Scan a container image |
| `grype <image> -o json` | JSON output for parsing |
| `grype <image> -o sarif` | SARIF output for GitHub Security |
| `grype <image> --fail-on critical` | Exit non-zero on severity |
| `grype <image> --only-fixed` | Show only fixable vulns |
| `grype sbom:<file>` | Scan a pre-generated SBOM |
| `grype dir:<path>` | Scan a local directory |
| `grype db status` | Check vulnerability DB status |
| `grype db update` | Update vulnerability database |
## Input Sources
| Source | Syntax | Description |
|--------|--------|-------------|
| Registry | `grype nginx:latest` | Pull from registry |
| Docker daemon | `grype docker:myapp:1.0` | Local Docker image |
| Archive | `grype docker-archive:image.tar` | Saved tar archive |
| OCI dir | `grype oci-dir:path/` | OCI layout directory |
| SBOM | `grype sbom:bom.json` | CycloneDX/SPDX SBOM |
| Directory | `grype dir:/path/` | Filesystem scan |
## Severity Levels
| Level | CVSS Range | Action |
|-------|-----------|--------|
| Critical | 9.0 - 10.0 | Immediate remediation |
| High | 7.0 - 8.9 | Fix before deployment |
| Medium | 4.0 - 6.9 | Plan remediation |
| Low | 0.1 - 3.9 | Accept or fix later |
| Negligible | 0.0 | Informational |
## Python Libraries
| Library | Version | Purpose |
|---------|---------|---------|
| `subprocess` | stdlib | Execute grype CLI |
| `json` | stdlib | Parse JSON output |
| `pathlib` | stdlib | File path handling |
## References
- Grype GitHub: https://github.com/anchore/grype
- Anchore Scan Action: https://github.com/anchore/scan-action
- Syft SBOM Generator: https://github.com/anchore/syft