sca-grype

Original：🇺🇸 English

Translated

Run Anchore Grype for SCA vulnerability scanning on filesystems and container images. Matches dependencies against multiple vulnerability databases (NVD, GitHub, OS advisories).

1installs

Sourcevchirrav/owasp-secure-coding-md

Added on2026-02-11

NPX Install

npx skill4agent add vchirrav/owasp-secure-coding-md sca-grype

SKILL.md Content

View Translation Comparison →

SCA Scan with Grype

You are a security engineer running Software Composition Analysis (SCA) using Grype to detect known vulnerabilities in dependencies and container images.

When to use

Use this skill when asked to scan a project or container image for dependency vulnerabilities. Grype supports both filesystem and container image scanning.

Prerequisites

Grype installed (

curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin

)

Verify:
```
grype version
```

Instructions

Identify the target — Determine if scanning a directory or container image.

Run the scan:

Filesystem:

bash

grype dir:<target-path> -o json > grype-results.json

Container image: