macOS
brew install grypelocal Homebrew formula metadata
sudo port install grypeMacPorts ports tree · security/grype/Portfile · source: api.github.com
brew
Vulnerability scanner for container images and filesystems. Version 0.115.0 via Homebrew; verified 2026-06-26.
install
brew install grypelocal Homebrew formula metadata
sudo port install grypeMacPorts ports tree · security/grype/Portfile · source: api.github.com
sudo apk add grypeAlpine Linux edge package indexes · grype · source: dl-cdn.alpinelinux.org
nix profile install nixpkgs#grypenixpkgs package indexes · pkgs/by-name/gr/grype/package.nix · source: api.github.com
sudo zypper install grypeopenSUSE Tumbleweed package metadata · grype · source: download.opensuse.org
choco install grypeChocolatey community package catalog · grype · source: community.chocolatey.org
scoop install main/grypeScoop official bucket manifest trees · bucket/grype.json · source: api.github.com
winget install --id Anchore.Grype -eWindows Package Manager source index · Anchore.Grype · source: cdn.winget.microsoft.com
overview
Vulnerability scanner for container images and filesystems
history
Grype is Anchore's open-source vulnerability scanner for container images, filesystems, and SBOMs. It became part of the Syft-and-Grype toolchain: Syft catalogs what software is present, and Grype matches that inventory against vulnerability data.
Anchore created the grype repository in May 2020 and published beta releases in July 2020. The README describes a standalone CLI that scans images, directories, and SBOMs; supports major Linux distribution package ecosystems; supports language package ecosystems; and understands Docker, OCI, and Singularity image formats.
The project evolved alongside Anchore's broader open-source supply-chain tooling. Syft, created in May 2020, generates SBOMs for container images and filesystems, while Grype consumes image contents or SBOM documents to report known vulnerabilities. Anchore later moved substantial usage and reference documentation to oss.anchore.com as the tools accumulated guides, coverage matrices, CLI references, and configuration docs.
Grype's release history shows steady iteration from the 0.1.0 beta series in 2020 into frequent tagged releases. Its feature set expanded beyond simple CVE tables to include SBOM scanning, multiple output formats, risk prioritization signals such as EPSS and KEV, OpenVEX filtering and augmentation, and documented configuration-file search paths.
Grype's adoption tracks the rise of software supply-chain security, container scanning, and SBOM workflows. The official README and docs emphasize local CLI use, CI/CD automation, and scanning of images, directories, archives, and SBOMs. The Homebrew facts also show packaging across macOS, Linux, Windows package managers, and distribution ecosystems, which is typical for security CLIs expected to run on developer workstations and CI agents.
Anchore's open-source page presents Grype with Syft and Grant as a set of developer-friendly container-security tools. That grouping matters historically because Grype is not just a container scanner; it is part of a workflow where SBOM generation, vulnerability matching, license checks, and automation are treated as separate composable command-line steps.
Common usage is `grype <image>` for a container image, `grype dir:.` for a directory, or `grype sbom:<path>` for an existing SBOM. The docs describe JSON output for downstream processing, database downloads for vulnerability matching, offline operation after an initial database download, and CI/CD use where pipelines can fail based on severity thresholds.
Package and security engineers care about the input source because Grype can scan Docker and OCI images, local directories, archives, and SBOM files. Its results depend on package cataloging and vulnerability database matching, so it is often paired with Syft when an explicit SBOM artifact is desired.
Grype is significant to package nerds because it turns package metadata into security decisions. It has to understand OS package managers, language package managers, image layers, SBOM formats, vulnerability identifiers, fixed-version ranges, and suppression or VEX context. That makes it a practical stress test for how well packaging metadata represents real software contents.
It also illustrates the modern CLI distribution pattern for security tools: a single compiled executable, Homebrew and other package-manager formulae, container images, CI integration, generated documentation, and a separate data-update path for the vulnerability database.
security posture
broad file, network, media, or database tool signal. escape, surveillance, or offensive capability signal.
red risk · medium confidence · escape-surveillance-offensive
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
./.grype.yaml./.grype.yml./.grype/config.yaml./.grype/config.yml~/.grype.yaml~/.grype.yml$XDG_CONFIG_HOME/grype/config.yaml$XDG_CONFIG_HOME/grype/config.ymlexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
grype | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/anchore/grype
install metadata
| Package key | brew:grype |
|---|---|
| Version | 0.115.0 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/grype |
| Homepage | https://github.com/anchore/grype |
| Repository | https://github.com/anchore/grype |
| Upstream docs | https://github.com/anchore/grype#readme |
| License | Apache-2.0 |
| Source archive | https://github.com/anchore/grype/archive/refs/tags/v0.115.0.tar.gz |
| Last updated | 2026-06-26T12:38:16Z |
| Pulse | updated |
| Build dependencies | go |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | grype |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
grype
nix profile install nixpkgs#grypegrype 0.111.0-r1
Vulnerability scanner for container images, filesystems, and SBOMs
https://github.com/anchore/grype
sudo apk add grypegrype-bash-completion 0.111.0-r1
Bash completions for grype
https://github.com/anchore/grype
sudo apk add grype-bash-completiongrype-fish-completion 0.111.0-r1
Fish completions for grype
https://github.com/anchore/grype
sudo apk add grype-fish-completiongrype-zsh-completion 0.111.0-r1
Zsh completions for grype
https://github.com/anchore/grype
sudo apk add grype-zsh-completiongrype 0.114.0-1.1
A vulnerability scanner for container images and filesystems
https://github.com/anchore/grype
sudo zypper install grypegrype-bash-completion 0.114.0-1.1
Bash Completion for grype
https://github.com/anchore/grype
sudo zypper install grype-bash-completiongrype-fish-completion 0.114.0-1.1
Fish Completion for grype
https://github.com/anchore/grype
sudo zypper install grype-fish-completiongrype-zsh-completion 0.114.0-1.1
Zsh Completion for grype
https://github.com/anchore/grype
sudo zypper install grype-zsh-completiongrype
sudo port install grypegrype
choco install grypemain/grype
scoop install main/grypeAnchore.Grype
winget install --id Anchore.Grype -esource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.