container-grypelisted

Container vulnerability scanning and dependency risk assessment using Grype with CVSS severity ratings, EPSS exploit probability, and CISA KEV indicators. Use when: (1) Scanning container images and filesystems for known vulnerabilities, (2) Integrating vulnerability scanning into CI/CD pipelines with severity thresholds, (3) Analyzing SBOMs (Syft, SPDX, CycloneDX) for security risks, (4) Prioritizing remediation based on threat metrics (CVSS, EPSS, KEV), (5) Generating vulnerability reports in multiple formats (JSON, SARIF, CycloneDX) for security toolchain integration.
aiskillstore/marketplace · ★ 329 · AI & Automation · score 85
Install: claude install-skill aiskillstore/marketplace
# Container Vulnerability Scanning with Grype

## Overview

Grype is an open-source vulnerability scanner that identifies known security flaws in container images, filesystems, and Software Bill of Materials (SBOM) documents. It analyzes operating system packages (Alpine, Ubuntu, Red Hat, Debian) and language-specific dependencies (Java, Python, JavaScript, Ruby, Go, PHP, Rust) against vulnerability databases to detect CVEs.

Grype emphasizes actionable security insights through:

- CVSS severity ratings for risk classification
- EPSS exploit probability scores for threat assessment
- CISA Known Exploited Vulnerabilities (KEV) indicators
- Multiple output formats (table, JSON, SARIF, CycloneDX) for toolchain integration

## Quick Start

Scan a container image:

```bash
grype <image-name>
```

Examples:

```bash
# Scan official Docker image
grype alpine:latest

# Scan local Docker image
grype myapp:v1.2.3

# Scan filesystem directory
grype dir:/path/to/project

# Scan SBOM file
grype sbom:/path/to/sbom.json
```

## Core Workflow

### Basic Vulnerability Scan

1. **Identify scan target**: Determine what to scan (container image, filesystem, SBOM)
2. **Run Grype scan**: Execute `grype <target>` to analyze for vulnerabilities
3. **Review findings**: Examine CVE IDs, severity, CVSS scores, affected packages
4. **Prioritize remediation**: Focus on critical/high severity, CISA KEV, high EPSS scores
5. **Apply fixes**: Update vulnerable packages or base images
6. **Re-scan**: Verify vul
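Step 4 (prioritize by severity, KEV and EPSS) and the CI severity threshold from the skill description, as an added example that is not part of this skill or of Grype: a Python triage over a `grype <target> -o json` report. The report is a constructed sample; the `epss` and `knownExploited` field names, the ranking policy (KEV first, then EPSS at or above a threshold, then CVSS severity) and the `triage`/`gate` helpers are assumptions of this example, not Grype's own API.

```python
"""Triage a Grype JSON report by KEV, EPSS and CVSS severity (added example)."""
import json

# Constructed sample shaped like `grype <target> -o json` output, trimmed to the
# fields used below. `epss` and `knownExploited` are the field names we assume
# recent Grype releases emit; check them against your own JSON output.
SAMPLE_REPORT = json.dumps({"matches": [
    {"vulnerability": {"id": "CVE-0000-0001", "severity": "High",
                       "fix": {"state": "fixed", "versions": ["1.2.4"]},
                       "epss": [{"epss": 0.92}], "knownExploited": [{"cve": "CVE-0000-0001"}]},
     "artifact": {"name": "libexample", "version": "1.2.3"}},
    {"vulnerability": {"id": "CVE-0000-0002", "severity": "Critical",
                       "fix": {"state": "not-fixed", "versions": []},
                       "epss": [{"epss": 0.01}], "knownExploited": []},
     "artifact": {"name": "widgetlib", "version": "4.0.0"}},
    {"vulnerability": {"id": "CVE-0000-0003", "severity": "Medium",
                       "fix": {"state": "fixed", "versions": ["2.1.0"]},
                       "epss": [{"epss": 0.45}], "knownExploited": []},
     "artifact": {"name": "parserlib", "version": "2.0.0"}},
    {"vulnerability": {"id": "CVE-0000-0004", "severity": "Low",
                       "fix": {"state": "wont-fix", "versions": []},
                       "epss": [], "knownExploited": []},  # no EPSS record at all
     "artifact": {"name": "oldutil", "version": "0.9"}},
]})

SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "Negligible": 0}

def triage(report_json, epss_threshold=0.10):
    """Flatten matches and order them: KEV entries first, then anything whose
    EPSS is at or above the threshold, then by CVSS severity, then fixed-first."""
    rows = []
    for m in json.loads(report_json)["matches"]:
        v, a = m["vulnerability"], m["artifact"]
        rows.append({
            "cve": v["id"], "package": f'{a["name"]}@{a["version"]}',
            "severity": v["severity"], "kev": bool(v.get("knownExploited")),
            "epss": max((e["epss"] for e in v.get("epss", [])), default=0.0),
            "fixed": v["fix"]["state"] == "fixed",
            "fix": ", ".join(v["fix"]["versions"]) or v["fix"]["state"],
        })
    rows.sort(key=lambda r: (r["kev"], r["epss"] >= epss_threshold,
                             SEVERITY_RANK.get(r["severity"], 0), r["epss"],
                             r["fixed"]), reverse=True)
    return rows

def gate(rows, fail_on="High"):
    """CI gate: findings at or above `fail_on` severity, plus any KEV entry."""
    floor = SEVERITY_RANK[fail_on]
    return [r for r in rows if SEVERITY_RANK.get(r["severity"], 0) >= floor or r["kev"]]
```

With the sample, the KEV-listed High finding outranks the Critical one that has a 1% EPSS and no fix, and `gate` still fails the build on both, so the ordering guides remediation while the threshold decides the pipeline result.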