grype

Official, Agent-ready, Infra, Security

Vulnerability scanning, SBOM analysis, and policies from the terminal.

The official CLI from Anchore. Supports structured output, which makes it good for scripts and agents.

Task fit

Vulnerability scanning, SBOM analysis, and policies from the terminal.

Lane

Work with Kubernetes, Terraform, containers, and ops tooling with more confidence.

Operator brief

Use grype for vulnerability scanning, SBOM analysis, and policies from the terminal.

Run `grype dir:.` and see what comes back.

Repository family

Anchore

First trust check

grype responds locally and is ready for the first real command.

Safe first loop

Install, verify, then run one real command.

Infra inspection loop

Install command

$ brew install grype

Verify

$ grype --version

grype responds locally and is ready for the first real command.

First real command

$ grype dir:.

First steps

  1. Install grype.
  2. Run `grype --version` first.
  3. Start with `grype dir:.`.
  4. Install the infra CLI and verify kubeconfig, Docker context, or cloud credentials.

When to use / hold off when

Best for

Vulnerability scanning, SBOM analysis, and policies from the terminal.

Use this when

You want security scanning you can script with structured output.

Hold off when

You don't work with security scanning.

Trust and constraints

Automation-ready: 100/100
Official, Install ready, Automation-ready
JSON output: Yes
Non-interactive: Yes
CI-friendly: Yes

Why operators pick it

  • grype fits infra well, especially for vulnerability scanning, SBOM analysis, and policies from the terminal.
  • It is the official CLI from Anchore.
  • Good for scripts and agents.

Constraints

  • Run the verify command first.

Facts and links

Install with: brew
Homebrew installs (30d): 2.8K
GitHub stars: 11.8K
License: Apache-2.0
Updated: Mar 24, 2026