Grype
Grype is a vulnerability scanning tool specifically designed for container images. It helps identify vulnerabilities within Docker containers and other container formats.
Delivery Shield mandates security scans on images using Grype. It connects with Grype to check whether the required version of the image has been scanned; if it has not, SSD generates a security issue.
Once the Grype scan is done, Delivery Shield pulls the container security scan results from Grype and uses this data to calculate the overall security status of the images and application, and to generate alerts and remediation.
The scan results fetched by Delivery Shield are displayed on the Vulnerability Management page, in the Artifact section of the DBOM, and on the View Open Security Issues page.
Grype is integrated as part of Delivery Shield. You only need to enable or disable it as required.
Navigate to Config > Integrations.
In the Artifact panel, click Grype.
You can use the toggle button provided below the integration tile to enable or disable it as needed.
The Grype integration page is displayed.
Click +New Account.
In the popup that appears:
Enter the account name.
Enable the Vulnerability Scan toggle button.
Select the Teams and the corresponding Environments from the dropdown for which you want the integration to be available. The integration will be available for the selected teams and environments only.
You can select up to 5 teams for the integration to be displayed.
An example is given below for reference:
In the example above, if Team 1, Team 2, and Team 3 are selected, only applications associated with these teams can access the integration. Any applications belonging to other teams, such as Team 4, will not have access to this account.
Even if the user who created this account is also an admin for Team 4, the integration account remains restricted and is not available for Team 4.
Access to the account is strictly limited to the specified Teams and Environments selected during account creation.
For Organization Admins:
When an Organization Admin creates an account without selecting specific Teams and Environments, the account will be universally applicable, granting access to all teams and all environments by default.
For Team Admins with Multiple Teams:
If a Team Admin who manages multiple teams creates an account without specifying particular Teams and Environments, the account will only be accessible to the teams for which the logged-in user holds admin privileges.
Click Save. The tool is connected.
You can edit the entered values by clicking the Edit option as shown below:
Enable or disable the Vulnerability Scan toggle button and click Update.
The new setting gets updated.