grype
A vulnerability scanner for container images and filesystems. [1]
Install
(Last checked for relevance: 14-Dec-2021)Install
As 'root'...
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
Other steps on this page assume /usr/local/bin in in your PATHUsage
Usage
For example, to report vulnerabilities for Oracle SQL Developer installed in /opt/sqldeveloper...
cd /opt/sqldeveloper
grype . | more
✔ Vulnerability DB [updated] ✔ Indexed . ✔ Cataloged packages [995 packages] ✔ Scanned image [139 vulnerabilities]NAME INSTALLED FIXED-IN VULNERABILITY SEVERITY commons-compress 1.19 1.21 GHSA-7hfm-57qf-j43q High commons-compress 1.19 1.21 GHSA-crv7-7245-f45f High commons-compress 1.19 1.21 GHSA-mc84-pj99-q6hh High commons-compress 1.19 1.21 GHSA-xqfj-vm6h-2x34 High commons-compress 1.19 CVE-2021-35515 High commons-compress 1.19 CVE-2021-35516 High commons-compress 1.19 CVE-2021-35517 High commons-compress 1.19 CVE-2021-36090 High commons-io 2.6 2.7 GHSA-gwrp-pvrq-jmwv Medium commons-io 2.6 CVE-2021-29425 Medium guava 27.0.1-jre 30.0-jre GHSA-5mg8-w23w-74h3 Low guava 27.0.1-jre CVE-2020-8908 Low httpclient 4.5.6 4.5.13 GHSA-7r82-7xv7-xcpj Medium httpclient 4.5.6 CVE-2020-13956 Medium httpclient 4.5.7 4.5.13 GHSA-7r82-7xv7-xcpj Medium httpclient 4.5.7 CVE-2020-13956 Medium jackson-databind 2.10.1 2.10.5.1 GHSA-288c-cq4h-88gq High jackson-databind 2.10.1 CVE-2020-25649 High jackson-databind 2.9.9 2.9.10 GHSA-cf6r-3wgc-h863 High jackson-databind 2.9.9 2.9.10.4 GHSA-fqwf-pjwf-7vqv Medium jackson-databind 2.9.9 2.9.10 GHSA-qmqc-x3r4-6v39 High jackson-databind 2.9.9 2.9.10 GHSA-f3j5-rmmp-3fc5 Critical...
The above example was for version 19.4 of SQL Developer. Note how the number of vulnerbilites reduces when testing version 21.4 instead...
✔ Vulnerability DB [no update available] ✔ Indexed . ✔ Cataloged packages [998 packages] ✔ Scanned image [14 vulnerabilities]NAME INSTALLED FIXED-IN VULNERABILITY SEVERITY batik-all 1.11.0.0.1 CVE-2019-17566 High batik-all 1.11.0.0.1 CVE-2020-11987 High commons-io 2.6 2.7 GHSA-gwrp-pvrq-jmwv Medium commons-io 2.6 CVE-2021-29425 Medium httpclient 4.5.10 4.5.13 GHSA-7r82-7xv7-xcpj Medium httpclient 4.5.10 CVE-2020-13956 Medium jsch-agentproxy-core 0.0.8 CVE-2016-5725 Medium jsch-agentproxy-pageant 0.0.8 CVE-2016-5725 Medium jsch-agentproxy-sshagent 0.0.8 CVE-2016-5725 Medium jsch-agentproxy-usocket-jna 0.0.8 CVE-2016-5725 Medium org.eclipse.equinox.common_3.6.0.v20100503 3.6.0.v20100503 CVE-2021-41033 High svnClientAdapter r2847 (February 23 2010) CVE-2007-2448 Low svnClientAdapter r2847 (February 23 2010) CVE-2007-3846 Medium svnClientAdapter r2847 (February 23 2010) CVE-2009-2411 High