Alternatives and similar repositories for grype:

Users that are interested in grype are comparing it to the libraries listed below

• anchore / syft
  CLI tool and library for generating a Software Bill of Materials from container images and filesystems
  ☆6,321Updated this week
• aquasecurity / trivy
  Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
  ☆23,875Updated this week
• sigstore / cosign
  Code signing and transparency for containers and binaries
  ☆4,541Updated last week
• quay / clair
  Vulnerability Static Analysis for Containers
  ☆10,383Updated this week
• falcosecurity / falco
  Cloud Native Runtime Security
  ☆7,438Updated this week
• aquasecurity / kube-bench
  Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
  ☆7,104Updated this week
• Checkmarx / kics
  Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastruct…
  ☆2,107Updated this week
• aquasecurity / tfsec
  Tfsec is now part of Trivy
  ☆6,725Updated last month
• aquasecurity / kube-hunter
  Hunt for security weaknesses in Kubernetes clusters
  ☆4,770Updated 8 months ago
• kubeshark / kubeshark
  The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing and monitoring all traffic and paylo…
  ☆11,074Updated this week
• containers / skopeo
  Work with remote images registries - retrieving information, images, signing content
  ☆8,365Updated this week
• hadolint / hadolint
  Dockerfile linter, validate inline bash, written in Haskell
  ☆10,493Updated last month
• turbot / steampipe
  Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
  ☆7,017Updated this week
• ossf / scorecard
  OpenSSF Scorecard - Security health metrics for Open Source
  ☆4,627Updated this week
• Yelp / detect-secrets
  An enterprise friendly way of detecting and preventing secrets in code.
  ☆3,842Updated last month
• tenable / terrascan
  Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
  ☆4,774Updated 2 weeks ago
• smallstep / cli
  🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.
  ☆3,683Updated last week
• anchore / anchore-engine
  A service that analyzes docker images and scans for vulnerabilities
  ☆1,588Updated last year
• derailed / popeye
  👀 A Kubernetes cluster resource sanitizer
  ☆5,311Updated last week
• getsops / sops
  Simple and flexible tool for managing secrets
  ☆17,111Updated this week
• hashicorp / boundary
  Boundary enables identity-based access management for dynamic infrastructure.
  ☆3,857Updated this week
• trufflesecurity / trufflehog
  Find, verify, and analyze leaked credentials
  ☆17,428Updated this week
• goodwithtech / dockle
  Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
  ☆2,798Updated 3 months ago
• smallstep / certificates
  🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywher…
  ☆6,809Updated last week
• aquasecurity / tracee
  Linux Runtime Security and Forensics using eBPF
  ☆3,642Updated this week
• google / osv-scanner
  Vulnerability scanner written in Go which uses the data provided by https://osv.dev
  ☆6,276Updated this week
• DependencyTrack / dependency-track
  Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp…
  ☆2,724Updated this week
• gitleaks / gitleaks
  Protect and discover secrets using Gitleaks 🔑
  ☆18,062Updated this week
• pomerium / pomerium
  Pomerium is an identity and context-aware access proxy.
  ☆4,063Updated this week