Grype Container and SBOM Vulnerability Scanner
Scan container images, filesystems, and SBOMs for known vulnerabilities using Anchore Grype. Supports major OS package ecosystems and language-specific packages with EPSS risk scoring and OpenVEX filtering.
npx skills add agentskillexchange/skills --skill grype-container-sbom-vulnerability-scanner
The Grype Container and SBOM Vulnerability Scanner skill leverages Anchore Grype, an open-source vulnerability scanner for container images and filesystems. Grype identifies known vulnerabilities across OS packages (Alpine, Debian, Ubuntu, RHEL, Amazon Linux) and language-specific dependencies (Ruby, Java, JavaScript, Python, .NET, Go, PHP, Rust).
This skill enables AI coding agents to integrate vulnerability scanning directly into development workflows. Given a container image reference, a local filesystem path, or an SBOM file, Grype queries vulnerability databases including the National Vulnerability Database (NVD) and GitHub Security Advisories to produce a detailed report of CVEs affecting the target. The scanner supports Docker, OCI, and Singularity image formats, making it compatible with virtually any container runtime.
Grype provides threat and risk prioritization through EPSS (Exploit Prediction Scoring System) and KEV (Known Exploited Vulnerabilities) data, allowing the agent to focus remediation effort on vulnerabilities most likely to be exploited in the wild. Results can be filtered and augmented using OpenVEX documents, which is particularly useful for suppressing false positives or documenting accepted risks in compliance-heavy environments.
Output formats include table, JSON, CycloneDX SBOM, and template-based formats (HTML, CSV). The skill can pipe SBOM output from Syft directly into Grype for faster scanning. In CI/CD pipelines, Grype returns standard exit codes: zero for clean scans, non-zero when any vulnerability is found at or above a configured severity threshold (`--fail-on critical`). This makes it straightforward to gate deployments on vulnerability status without custom scripting.
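The prioritization and gating described above can be reproduced outside Grype's built-in `--fail-on` when a pipeline needs a richer policy (for example, fail on KEV membership or on an EPSS score, not only on severity). The script below is an added example and is not part of this skill or of Grype itself. It parses the JSON produced by `grype <target> -o json` (or `syft <target> -o json | grype -o json`), applies a simplified OpenVEX filter, sorts the remaining matches by KEV membership, then EPSS, then severity, and returns a CI exit code. The sample report and VEX document are constructed; `matches[].vulnerability.id/severity`, `matches[].artifact.name/version/purl` are Grype's JSON fields, while the `epss` and `knownExploited` array shapes are assumed to follow recent Grype releases. The VEX matching (product `@id` equals the artifact purl) is a simplification of Grype's own `--vex` handling, which matches statements against the scanned image and its subcomponents.

```python
"""Policy gate over Grype JSON output: OpenVEX suppression, EPSS/KEV prioritization, CI exit code.
Added example; not Grype's or the skill's own code."""
import json
import sys

# Grype severity labels in ascending order; Unknown sorts below everything.
SEVERITY_RANK = {"Unknown": -1, "Negligible": 0, "Low": 1, "Medium": 2, "High": 3, "Critical": 4}

# Constructed sample in the shape of `grype -o json`, trimmed to the fields used here.
# CVE ids are placeholders, not real advisories. The epss/knownExploited shapes are assumed.
GRYPE_JSON = json.dumps({"matches": [
    {"vulnerability": {"id": "CVE-2099-0001", "severity": "Critical",
                       "fix": {"state": "fixed", "versions": ["1.2.1"]},
                       "epss": [{"cve": "CVE-2099-0001", "epss": 0.91, "percentile": 0.99}],
                       "knownExploited": [{"cve": "CVE-2099-0001"}]},
     "artifact": {"name": "libexample", "version": "1.2.0", "type": "deb",
                  "purl": "pkg:deb/debian/libexample@1.2.0"}},
    {"vulnerability": {"id": "CVE-2099-0002", "severity": "High",
                       "fix": {"state": "not-fixed", "versions": []},
                       "epss": [{"cve": "CVE-2099-0002", "epss": 0.02, "percentile": 0.40}],
                       "knownExploited": []},
     "artifact": {"name": "requests", "version": "2.0.0", "type": "python",
                  "purl": "pkg:pypi/requests@2.0.0"}},
    {"vulnerability": {"id": "CVE-2099-0003", "severity": "Medium",
                       "fix": {"state": "fixed", "versions": ["4.1.0"]},
                       "epss": [{"cve": "CVE-2099-0003", "epss": 0.60, "percentile": 0.95}],
                       "knownExploited": []},
     "artifact": {"name": "lodash", "version": "4.0.0", "type": "npm",
                  "purl": "pkg:npm/lodash@4.0.0"}},
]})

# Constructed OpenVEX document: the vendor has determined the vulnerable code path is not reachable
# in libexample 1.2.0 as built in this image, so the finding is an accepted, documented non-issue.
VEX_DOC = {
    "@context": "https://openvex.dev/ns/v0.2.0",
    "@id": "https://example.invalid/vex/constructed-sample",   # placeholder id
    "author": "example security team",
    "version": 1,
    "statements": [{
        "vulnerability": {"name": "CVE-2099-0001"},
        "products": [{"@id": "pkg:deb/debian/libexample@1.2.0"}],
        "status": "not_affected",
        "justification": "vulnerable_code_not_in_execute_path",
    }],
}


def load_matches(report_json):
    """Return the match list from a Grype JSON report string."""
    return json.loads(report_json).get("matches", [])


def vex_suppressed(match, vex_doc):
    """Simplified OpenVEX application: suppress when a not_affected/fixed statement names this
    vulnerability and lists the artifact's purl as a product."""
    vuln_id = match["vulnerability"]["id"]
    purl = match["artifact"].get("purl")
    for stmt in vex_doc.get("statements", []):
        if stmt["vulnerability"]["name"] != vuln_id:
            continue
        if stmt["status"] not in ("not_affected", "fixed"):
            continue
        if any(p.get("@id") == purl for p in stmt.get("products", [])):
            return True
    return False


def risk_score(match):
    """(in KEV, highest EPSS, severity rank): sort key that puts likely-exploited findings first."""
    vuln = match["vulnerability"]
    in_kev = bool(vuln.get("knownExploited"))
    epss = max((e.get("epss", 0.0) for e in vuln.get("epss", [])), default=0.0)
    severity = SEVERITY_RANK.get(vuln.get("severity", "Unknown"), -1)
    return (in_kev, epss, severity)


def prioritize(matches, vex_doc=None):
    """Drop VEX-suppressed matches, then order the rest from most to least urgent."""
    kept = [m for m in matches if not (vex_doc and vex_suppressed(m, vex_doc))]
    return sorted(kept, key=risk_score, reverse=True)


def gate(matches, fail_on="Critical", epss_threshold=None, fail_on_kev=True):
    """CI exit code: 1 if any match is at/above fail_on severity, is in KEV (when fail_on_kev),
    or has EPSS >= epss_threshold (when given); otherwise 0. Mirrors `--fail-on` and adds risk data."""
    threshold = SEVERITY_RANK[fail_on]
    for m in matches:
        in_kev, epss, severity = risk_score(m)
        if severity >= threshold or (fail_on_kev and in_kev):
            return 1
        if epss_threshold is not None and epss >= epss_threshold:
            return 1
    return 0


if __name__ == "__main__":
    # Usage: python gate.py < grype-report.json ; falls back to the constructed sample.
    raw = sys.stdin.read() if not sys.stdin.isatty() else GRYPE_JSON
    remaining = prioritize(load_matches(raw), VEX_DOC)
    for m in remaining:
        print(m["vulnerability"]["id"], m["artifact"]["name"], m["artifact"]["version"], risk_score(m))
    sys.exit(gate(remaining, fail_on="High", epss_threshold=0.5))
```

In a pipeline this sits after `grype <image> -o json > report.json` (or `grype <image> -o json --vex vex.json` if Grype's own VEX handling is preferred); the suppressed Critical finding no longer trips the gate, while the Medium finding with a 0.60 EPSS score still fails a build that sets `epss_threshold=0.5`, which a plain `--fail-on critical` would have let through.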
Licensed under Apache 2.0, Grype has over 11,000 GitHub stars and is maintained by Anchore with regular community meetings and active release cadence. It complements existing SBOM generation tools by providing the vulnerability matching layer that turns an inventory into actionable security intelligence.