Grype

Grype is a vulnerability scanning tool specifically designed for container images. It helps identify vulnerabilities within Docker containers and other container formats.

Usage of Grype in SSD

  • SSD mandates security scans on images using Grype. It connects with Grype to see if the required version of the image has been scanned by and if not done, SSD generates a security issue.

  • Once the Grype scan is done, SSD pulls container security scan results from Grype, and this data is used to calculate the overall security status of the images and application, to generate alerts and remediation.

  • The scan results fetched by SSD will be displayed in the Vulnerability Management page, Artifact section of the DBOM and View Open Security Issues page.

Grype is integrated as part of SSD. You need to just enable or disable it when required.

To Manage Grype:

  1. Navigate to Config > Integrations.

  2. In the Artifact panel, click Grype.

  1. The Grype integration page is displayed.

  2. Enable the Vulnerability Scan toggle button.

  3. Click Save. The tool is connected.

  4. You can edit the entered values by clicking the Edit option as shown below:

  1. Enable or disable the Vulnerability Scan toggle button and click Update.

The new setting gets updated.

Last updated