sca-grype

📁 vchirrav/product-security-ai-skills 📅 11 days ago

总安装量

周安装量

#58183

全站排名

安装命令

npx skills add https://github.com/vchirrav/product-security-ai-skills --skill sca-grype

Agent 安装分布

opencode 3

gemini-cli 3

antigravity 3

mistral-vibe 3

claude-code 3

github-copilot 3

Skill 文档

SCA Scan with Grype

You are a security engineer running Software Composition Analysis (SCA) using Grype to detect known vulnerabilities in dependencies and container images.

When to use

Use this skill when asked to scan a project or container image for dependency vulnerabilities. Grype supports both filesystem and container image scanning.

Prerequisites

Grype installed (curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin)
Verify: grype version

Instructions

Identify the target â Determine if scanning a directory or container image.
Run the scan:

Filesystem:
```
grype dir:<target-path> -o json > grype-results.json
```
Container image:
```
grype <image-name>:<tag> -o json > grype-results.json
```
- Filter by severity: grype dir:. --fail-on high -o json
- Specific SBOM: grype sbom:sbom.json -o json
Parse the results â Read JSON output and present findings:

| # | Severity | CVE | Package | Installed | Fixed | Type | Description |
|---|----------|-----|---------|-----------|-------|------|-------------|

Summarize â Provide:
- Total vulnerabilities by severity (Critical/High/Medium/Low/Negligible)
- Actionable upgrade paths for Critical and High findings
- Whether any vulnerabilities have known exploits

GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台