scan_image_grype
Scan Docker images for vulnerabilities using Grype, with cross-validation against Trivy results for broader detection coverage.
Instructions
Scan a Docker image for vulnerabilities using Grype (Anchore's scanner). Provides cross-validation against Trivy results — different vulnerability database, different detection coverage.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| image | Yes | Docker image reference (e.g. 'nginx:latest', 'docker:ubuntu') | |
| fail_on | No | Exit with error if finding meets this severity (critical, high, medium, low, negligible) | |
| timeout | No | Scan timeout in seconds (default: 120) | |
| severity | No | Minimum severity to report (default: critical,high,medium) | |
| only_fixed | No | Only show vulnerabilities with fixes available |