Alternatives and similar repositories for grype

Users that are interested in grype are comparing it to the libraries listed below

• anchore / syft
  CLI tool and library for generating a Software Bill of Materials from container images and filesystems
  ☆6,954Updated this week
• aquasecurity / trivy
  Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
  ☆26,618Updated this week
• quay / clair
  Vulnerability Static Analysis for Containers
  ☆10,619Updated this week
• gitleaks / gitleaks
  Find secrets with Gitleaks 🔑
  ☆19,776Updated this week
• aquasecurity / tfsec
  Tfsec is now part of Trivy
  ☆6,816Updated 2 weeks ago
• sigstore / cosign
  Code signing and transparency for containers and binaries
  ☆4,916Updated this week
• aquasecurity / kube-bench
  Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
  ☆7,434Updated this week
• falcosecurity / falco
  Cloud Native Runtime Security
  ☆7,894Updated this week
• docker / docker-bench-security
  The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in productio…
  ☆9,371Updated 6 months ago
• aquasecurity / kube-hunter
  Hunt for security weaknesses in Kubernetes clusters
  ☆4,855Updated last year
• ossf / scorecard
  OpenSSF Scorecard - Security health metrics for Open Source
  ☆4,892Updated this week
• getsops / sops
  Simple and flexible tool for managing secrets
  ☆18,464Updated this week
• slimtoolkit / slim
  Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it …
  ☆21,638Updated last week
• DependencyTrack / dependency-track
  Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp…
  ☆3,023Updated this week
• semgrep / semgrep
  Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
  ☆11,642Updated this week
• google / osv-scanner
  Vulnerability scanner written in Go which uses the data provided by https://osv.dev
  ☆7,389Updated 2 weeks ago
• pomerium / pomerium
  Pomerium is an identity and context-aware access proxy.
  ☆4,262Updated this week
• GoogleContainerTools / kaniko
  Build Container Images In Kubernetes
  ☆15,525Updated this week
• gravitational / teleport
  The easiest, and most secure way to access and protect all of your infrastructure.
  ☆18,456Updated this week
• tenable / terrascan
  Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
  ☆4,928Updated last week
• hadolint / hadolint
  Dockerfile linter, validate inline bash, written in Haskell
  ☆10,926Updated last month
• anchore / anchore-engine
  A service that analyzes docker images and scans for vulnerabilities
  ☆1,586Updated 2 years ago
• goss-org / goss
  Quick and Easy server testing/validation
  ☆5,735Updated 2 weeks ago
• aquasecurity / tracee
  Linux Runtime Security and Forensics using eBPF
  ☆3,874Updated this week
• bitnami-labs / sealed-secrets
  A Kubernetes controller and tool for one-way encrypted Secrets
  ☆8,206Updated last week
• GoogleContainerTools / distroless
  🥑 Language focused docker images, minus the operating system.
  ☆20,468Updated this week
• containers / skopeo
  Work with remote images registries - retrieving information, images, signing content
  ☆9,157Updated last week
• smallstep / certificates
  🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywher…
  ☆7,280Updated this week
• hashicorp / boundary
  Boundary enables identity-based access management for dynamic infrastructure.
  ☆3,921Updated this week
• trufflesecurity / trufflehog
  Find, verify, and analyze leaked credentials
  ☆19,100Updated this week