anchore/grype
Features
Cross-cutting capabilities that span multiple systems. These are user-visible features rather than architectural building blocks — when a user asks "can Grype do X?", X usually shows up here.
The features
| Feature | Pages | One-liner |
|---|---|---|
| VEX processing | OpenVEX + CSAF document handling. | |
| Ignore rules | YAML/CLI rules for moving matches into the suppressed set. | |
| Risk prioritization | EPSS, CISA KEV, severity gating, and risk scoring. | |
| Database lifecycle | Auto-update, listing verification, manual import, status checks. |
Cross-cutting nature
Each feature touches several systems:
- VEX spans
grype/vex/(parsing),grype/match/(filter integration),grype/vulnerability_matcher.go(orchestration), and presenters (which surface VEX status). - Ignore rules live in
grype/match/ignore.gobut are surfaced via CLI flags incmd/grype/cli/options/, hard-coded augmentations incmd/grype/cli/commands/root.go, and the JSON output ingrype/presenter/models/. - Risk prioritization combines DB-side data (EPSS/KEV in
grype/db/v6/vulnerability_decorator_store.go), CLI flags (--by-cve,--fail-on), and presenter logic (which fields appear in JSON/table output). - Database lifecycle spans the
dbsubcommands (cmd/grype/cli/commands/db_*.go) and the curator (grype/db/v6/installation/).
Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.