Open-Source Wikis

/

Grype

/

Features

anchore/grype

Features

Cross-cutting capabilities that span multiple systems. These are user-visible features rather than architectural building blocks — when a user asks "can Grype do X?", X usually shows up here.

The features

Feature Pages One-liner
VEX processing OpenVEX + CSAF document handling.
Ignore rules YAML/CLI rules for moving matches into the suppressed set.
Risk prioritization EPSS, CISA KEV, severity gating, and risk scoring.
Database lifecycle Auto-update, listing verification, manual import, status checks.

Cross-cutting nature

Each feature touches several systems:

  • VEX spans grype/vex/ (parsing), grype/match/ (filter integration), grype/vulnerability_matcher.go (orchestration), and presenters (which surface VEX status).
  • Ignore rules live in grype/match/ignore.go but are surfaced via CLI flags in cmd/grype/cli/options/, hard-coded augmentations in cmd/grype/cli/commands/root.go, and the JSON output in grype/presenter/models/.
  • Risk prioritization combines DB-side data (EPSS/KEV in grype/db/v6/vulnerability_decorator_store.go), CLI flags (--by-cve, --fail-on), and presenter logic (which fields appear in JSON/table output).
  • Database lifecycle spans the db subcommands (cmd/grype/cli/commands/db_*.go) and the curator (grype/db/v6/installation/).

Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.

Features – Grype wiki | Factory