
Grype

Grype is a vulnerability scanner for container images and filesystems.

🚀 Usage

Add the following command to your CI configuration file:

fluentci run --wasm grype scan hashicorp/terraform:1.8 --fail-on critical
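What the `--fail-on critical` threshold in the command above gates on, as an added example (not FluentCI's or Grype's own code): it applies the same at-or-above-severity check to a report saved with Grype's `-o json` output, so a pipeline can list which findings tripped the gate. The `gate` function, the command-line handling and the sample matches (with placeholder IDs) are constructed for illustration.

```python
import json
import sys

# Grype severity labels, lowest to highest (ordering used for this example's gate).
SEVERITY_ORDER = ["unknown", "negligible", "low", "medium", "high", "critical"]


def gate(report, fail_on):
    """Return (id, severity, package) for every match at or above fail_on."""
    threshold = SEVERITY_ORDER.index(fail_on.lower())  # ValueError on a bad level
    hits = []
    for match in report.get("matches", []):
        vuln = match.get("vulnerability", {})
        sev = str(vuln.get("severity") or "unknown").lower()
        rank = SEVERITY_ORDER.index(sev) if sev in SEVERITY_ORDER else 0
        if rank >= threshold:
            art = match.get("artifact", {})
            hits.append((vuln.get("id", "?"), sev,
                         f"{art.get('name', '?')}@{art.get('version', '?')}"))
    return hits


# Constructed sample in the shape of `grype <target> -o json`; IDs are placeholders.
SAMPLE = json.loads("""
{"matches": [
  {"vulnerability": {"id": "CVE-0000-0001", "severity": "Critical"},
   "artifact": {"name": "libexample", "version": "1.2.3"}},
  {"vulnerability": {"id": "CVE-0000-0002", "severity": "High"},
   "artifact": {"name": "libexample", "version": "1.2.3"}},
  {"vulnerability": {"id": "CVE-0000-0003", "severity": "Low"},
   "artifact": {"name": "toolkit", "version": "0.9.0"}},
  {"vulnerability": {"id": "CVE-0000-0004"},
   "artifact": {"name": "toolkit", "version": "0.9.0"}}
]}
""")

if __name__ == "__main__":
    # Optional args: path to a saved JSON report, then the threshold.
    report = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    level = sys.argv[2] if len(sys.argv) > 2 else "critical"
    hits = gate(report, level)
    for vuln_id, sev, pkg in hits:
        print(f"{sev:<10} {vuln_id:<16} {pkg}")
    sys.exit(1 if hits else 0)
```

A match with no severity field is ranked as unknown, so it only trips the gate when the threshold itself is `unknown`.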

Commands

| Name  | Description                                                     |
|-------|-----------------------------------------------------------------|
| setup | Install Grype                                                   |
| scan  | Scan a container image, SBOM, or filesystem for vulnerabilities |

Code examples

Add the fluentci-pdk crate to your Cargo.toml:

[dependencies]
fluentci-pdk = "0.2.1"

Use the following code to call a module function:

use fluentci_pdk::dag;

// ...

dag().call(
    "https://pkg.fluentci.io/[email protected]?wasm=1",
    "scan",
    vec!["hashicorp/terraform:1.8", "--fail-on", "critical"],
);

CI/CD Integration

The following example shows how to integrate FluentCI with popular CI providers to scan for vulnerabilities using Grype:

ci.yml
name: ci
on:
  push:
    branches:
      - main
jobs:
  tasks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Setup Fluent CI
        uses: fluentci-io/setup-fluentci@v5
        with:
          wasm: true
          plugin: grype
          args: |
            scan hashicorp/terraform:1.8 --fail-on critical