...

Note: As mentioned already, this is only done for Unix systems. On Windows the utility has to be pre-installed on the system; there are several ways to do this, such as choco install grype or through WSL 2.

Scan Results

...

and Details:

Based on the critical, high, medium and low vulnerabilities discovered during scanning, the results render the following view:

[Screenshot: scan results view]

On the Scan-Results tab of the Execution, the details are shown in tabular form:

  • Severity: The severity of the CVE Id.

  • Message: The code paths affected by the CVE.

  • Scan Rule: Concatenated value of the CVE Id and CVE namespace (found in the scan-results.json file under the vulnerability segment).

  • Scan Component: Concatenated value of the artifact name, artifact Id and artifact version (found in the scan-results.json file under the artifacts segment).
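As an added example (not part of the plugin's own code), the following script derives the four columns above and the per-severity counts from a scan-results.json document. The sample report is constructed in the shape of Grype's JSON output with made-up ids; the ':' separator for the concatenated columns and the use of artifact location paths as the Message are assumptions of this example.

```python
import json
from collections import Counter
# Constructed sample in the shape of Grype's JSON report (scan-results.json); all ids, names and paths are made up.
SAMPLE_SCAN_RESULTS = json.dumps({"matches": [
    {"vulnerability": {"id": "CVE-0000-0001", "namespace": "nvd:cpe", "severity": "Critical"},
     "artifact": {"id": "art-1", "name": "libexample", "version": "1.2.3",
                  "locations": [{"path": "/usr/lib/libexample.so"}]}},
    {"vulnerability": {"id": "CVE-0000-0002", "namespace": "debian:distro:debian:12", "severity": "High"},
     "artifact": {"id": "art-2", "name": "examplelib-dev", "version": "2.0.1",
                  "locations": [{"path": "/var/lib/dpkg/status"}]}},
    {"vulnerability": {"id": "CVE-0000-0003", "namespace": "nvd:cpe", "severity": "High"},
     "artifact": {"id": "art-1", "name": "libexample", "version": "1.2.3",
                  "locations": [{"path": "/usr/lib/libexample.so"}]}},
    {"vulnerability": {"id": "CVE-0000-0004", "namespace": "nvd:cpe", "severity": "Negligible"},
     "artifact": {"id": "art-3", "name": "tinytool", "version": "0.9", "locations": []}},
]})
SEVERITY_ORDER = ["Critical", "High", "Medium", "Low"]   # the four severities the view reports on

def load_matches(report_text):
    """Parse the report text and return its 'matches' list (empty if the scan found nothing)."""
    return json.loads(report_text).get("matches", [])

def scan_rule(match):
    """Scan Rule column: CVE Id + namespace from the vulnerability segment (':' separator is assumed)."""
    v = match["vulnerability"]
    return f'{v["id"]}:{v["namespace"]}'

def scan_component(match):
    """Scan Component column: artifact name + Id + version from the artifact segment (':' assumed)."""
    a = match["artifact"]
    return f'{a["name"]}:{a["id"]}:{a["version"]}'

def affected_paths(match):
    """Message column, taken here from the artifact's location paths (an assumption of this example)."""
    return [loc.get("path", "") for loc in match["artifact"].get("locations", [])]

def severity_counts(matches):
    """Per-severity counts; severities outside Critical/High/Medium/Low are grouped as 'Other'."""
    counts = Counter()
    for m in matches:
        sev = m["vulnerability"].get("severity", "Unknown")
        counts[sev if sev in SEVERITY_ORDER else "Other"] += 1
    return counts

def table_rows(report_text):
    """Rows for the Scan-Results tab, most severe first; sorting is stable, so report order is kept within a severity."""
    rank = {s: i for i, s in enumerate(SEVERITY_ORDER)}
    matches = sorted(load_matches(report_text), key=lambda m: rank.get(m["vulnerability"].get("severity"), len(rank)))
    return [{"Severity": m["vulnerability"].get("severity", "Unknown"), "Message": ", ".join(affected_paths(m)),
             "Scan Rule": scan_rule(m), "Scan Component": scan_component(m)} for m in matches]
```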

Note:

  • If a Grype-specific argument is present both in the config file and in the plugin input, the value given in the plugin input takes precedence over the one in the config file. This is an inherent feature of the Grype utility: CLI arguments take priority over the same settings in the configuration file.

  • Property replacement is supported in the configuration YAML; however, it is strongly advised not to put credential details in it. Instead, use the plugin input or the Target Group property for the Registry Account specification, which points to the account created in the Integration → Containers page.

  • If the configuration file sets default-image-pull-source to “registry” and you try to scan a local image, the scan won't work, since Grype will try to pull the image from Docker Hub or a remote registry. Do not specify this setting in that case.

  • Even though open-source utilities are available for running Grype on Windows-based OSes, it is always recommended to do the scanning on Linux-based endpoints, since there the plugin directly downloads the officially supported Grype utility for Linux.