Grype Github Action

Grype is an open-source vulnerability scanner developed by Anchore that identifies known vulnerabilities (CVEs) in container images and filesystems.

It supports deep analysis of OS packages and application dependencies, making it ideal for scanning container images as part of CI/CD pipelines.

🔹 Key Features of Grype

Comprehensive CVE Scanning: Detects vulnerabilities in OS and application dependencies.
Container & Filesystem Support: Scan images, directories, and archives.
SBOM Aware: Works seamlessly with SBOMs (CycloneDX, SPDX).
Severity-Based Policies: Fail builds based on vulnerability severity.
Fast & Accurate: Optimized for CI/CD environments.
Wide Ecosystem Support: Integrates with Docker, Kubernetes, and GitHub Actions.

As part of Ananta Cloud’s image security framework, we provide a standardized GitHub Action for Grype to automate vulnerability scanning during CI/CD workflows.

🔹 What It Does?

Scans container images for known CVEs.
Generates detailed vulnerability reports.
Enforces severity-based pipeline gates.
Integrates with Ananta Cloud’s container security stack.
Prevents vulnerable images from reaching production.

🔹 Benefits of Using Ananta Cloud’s Grype Action

Early Vulnerability Detection
Policy-Based Build Failures
Improved Image Security
CI/CD Friendly Automation
Enterprise-Ready Scanning

🔹 Supported Inputs

Name	Description	Required
`image`	Container image name with tag	✔️ Yes
`severity-threshold`	Fail pipeline on specified severity	❌ No
`output-format`	Output format (json, table)	❌ No
`fail-on`	Minimum severity to fail build	❌ No

🔹 Supported Outputs

None

🔹 Usage

- name: Scan image with Grype
  uses: anantacloud/actions/tree/main/security/grype
  with:
    image: docker-image:tag
    severity-threshold: high

🔹 Key Features of Grype​

🔹 What It Does?​

🔹 Benefits of Using Ananta Cloud’s Grype Action​

🔹 Supported Inputs​

🔹 Supported Outputs​

🔹 Usage​