🍺 BREW Explorer

← all formulae

grype

brew install grype v0.114.0 Apache-2.0

Go command-line vulnerability scanner for container images and filesystems with CVE detection.

Why you might care

Grype scans OCI container images and local filesystems for known vulnerabilities in dependencies, integrating easily into CI/CD pipelines and supply-chain workflows. It's faster than layered scanning approaches and outputs in multiple formats (JSON, SARIF, CycloneDX) for compliance and toolchain integration.

Categories

scanner security container-runtime

Alternatives

trivy snyk syft
2.3k
30-day installs · #901
7.6k
90-day · #922
32.2k
365-day · #855
12.5k
★ GitHub stars · updated 1d ago

Build dependencies

go

GitHub topics

container-image containers cyclonedx docker go golang hacktoberfest oci openvex security static-analysis tool vex vulnerabilities vulnerability

Links

Blurb generated by claude-haiku-4-5 on today.

Raw metadata 
{
  "aliases": [],
  "alternatives": [
    "trivy",
    "snyk",
    "syft"
  ],
  "build_dependencies": [
    "go"
  ],
  "categories": [
    "scanner",
    "security",
    "container-runtime"
  ],
  "caveats": null,
  "conflicts_with": [],
  "dependencies": [],
  "deprecated": 0,
  "deprecation_reason": null,
  "desc": "Vulnerability scanner for container images and filesystems",
  "disable_reason": null,
  "disabled": 0,
  "enrichment_fetched_at": "2026-06-20T23:38:28+00:00",
  "first_seen": "2026-06-20T23:34:18+00:00",
  "full_name": "grype",
  "github_default_branch": "main",
  "github_last_commit_at": "2026-06-19T15:55:11Z",
  "github_readme_excerpt": "\u003cp align=\"center\"\u003e\n    \u003cimg alt=\"Grype logo\" src=\"https://user-images.githubusercontent.com/5199289/136855393-d0a9eef9-ccf1-4e2b-9d7c-7aad16a567e5.png\" width=\"234\"\u003e\n\u003c/p\u003e\n\n# Grype\n\n**A vulnerability scanner for container images and filesystems.**\n\n\u003cp align=\"center\"\u003e\n    \u0026nbsp;\u003ca href=\"https://github.com/anchore/grype/actions?query=workflow%3A%22Static+Analysis+%2B+Unit+%2B+Integration%22\"\u003e\u003cimg src=\"https://github.com/anchore/grype/workflows/Static%20Analysis%20+%20Unit%20+%20Integration/badge.svg\" alt=\"Static Analysis + Unit + Integration\"\u003e\u003c/a\u003e\u0026nbsp;\n    \u0026nbsp;\u003ca href=\"https://github.com/anchore/grype/actions/workflows/validations.yaml\"\u003e\u003cimg src=\"https://github.com/anchore/grype/workflows/Validations/badge.svg\" alt=\"Validations\"\u003e\u003c/a\u003e\u0026nbsp;\n    \u0026nbsp;\u003ca href=\"https://goreportcard.com/report/github.com/anchore/grype\"\u003e\u003cimg src=\"https://goreportcard.com/badge/github.com/anchore/grype\" alt=\"Go Report Card\"\u003e\u003c/a\u003e\u0026nbsp;\n    \u0026nbsp;\u003ca href=\"https://github.com/anchore/grype/releases/latest\"\u003e\u003cimg src=\"https://img.shields.io/github/release/anchore/grype.svg\" alt=\"GitHub release\"\u003e\u003c/a\u003e\u0026nbsp;\n    \u0026nbsp;\u003ca href=\"https://github.com/anchore/grype\"\u003e\u003cimg src=\"https://img.shields.io/github/go-mod/go-version/anchore/grype.svg\" alt=\"GitHub go.mod Go version\"\u003e\u003c/a\u003e\u0026nbsp;\n    \u0026nbsp;\u003ca href=\"https://github.com/anchore/grype/blob/main/LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/License-Apache%202.0-blue.svg\" alt=\"License: Apache-2.0\"\u003e\u003c/a\u003e\u0026nbsp;\n    \u0026nbsp;\u003ca href=\"https://anchore.com/discourse\"\u003e\u003cimg src=\"https://img.shields.io/badge/Discourse-Join-blue?logo=discourse\" alt=\"Join our Discourse\"\u003e\u003c/a\u003e\u0026nbsp;\n    \u0026nbsp;\u003ca rel=\"me\" href=\"https://fosstodon.org/@grype\"\u003e\u003cimg src=\"https://img.shields.io/badge/Mastodon-Follow-blue?logoColor=white\u0026logo=mastodon\" alt=\"Follow on Mastodon\"\u003e\u003c/a\u003e\u0026nbsp;\n\u003c/p\u003e\n\n![grype-demo](https://user-images.githubusercontent.com/590471/90276236-9868f300-de31-11ea-8068-4268b6b68529.gif)\n\n## Features\n\n- Scan **container images**, **filesystems**, and **SBOMs** for known vulnera",
  "github_repo": "anchore/grype",
  "github_stars": 12455,
  "github_topics": [
    "container-image",
    "containers",
    "cyclonedx",
    "docker",
    "go",
    "golang",
    "hacktoberfest",
    "oci",
    "openvex",
    "security",
    "static-analysis",
    "tool",
    "vex",
    "vulnerabilities",
    "vulnerability"
  ],
  "homepage": "https://github.com/anchore/grype",
  "homepage_og_description": null,
  "homepage_og_image": null,
  "homepage_title": null,
  "installs_30d": 2319,
  "installs_365d": 32185,
  "installs_90d": 7604,
  "keg_only": 0,
  "keg_only_reason": null,
  "last_seen": "2026-06-20T23:34:18+00:00",
  "license": "Apache-2.0",
  "llm_generated_at": "2026-06-20T23:47:45+00:00",
  "llm_model": "claude-haiku-4-5",
  "name": "grype",
  "oldnames": [],
  "one_liner": "Go command-line vulnerability scanner for container images and filesystems with CVE detection.",
  "optional_dependencies": [],
  "rank_30d": 901,
  "rank_365d": 855,
  "rank_90d": 922,
  "raw_hash": "daba764d5d507bb0",
  "recommended_dependencies": [],
  "revision": 0,
  "ruby_source_path": "Formula/g/grype.rb",
  "tap": "homebrew/core",
  "test_dependencies": [],
  "uses_from_macos": [],
  "version_head": "HEAD",
  "version_stable": "0.114.0",
  "versioned_formulae": [],
  "why_use_this": "Grype scans OCI container images and local filesystems for known vulnerabilities in dependencies, integrating easily into CI/CD pipelines and supply-chain workflows. It\u0027s faster than layered scanning approaches and outputs in multiple formats (JSON, SARIF, CycloneDX) for compliance and toolchain integration."
}