Enchance Grype security scanner with vulners.com database with AI based vulnerability scoring, exploit prediction, analytics and more:
- vulnersScore - AI based vulnerability score
- epss - Exploit Prediction Scoring System score
- cvss2, cvss3 - CVSS v2 and v3 scores
- aiDescription - Shortened vulnerability description
- aiTags - Tags showing vulnerability types, vendor and product names
- isWildExploited - known facts of vulnerability exploited in the wild
- exploitsCount - number of known exploits for vulnerability
- href - link to vulnerability page on vulners.com
-
Clone repository
-
set environment variable to disable auto updates (important for updating by schedule per day)
export GRYPE_DB_AUTO_UPDATE=false -
replace Vulners apikey inside grype-vulners-db-update.sh, for example:
apiKey=ZNDI...DXI3S -
replace path, username and group inside grype-vulners-update.service
User=your_usernameGroup=your_groupExecStart=bin/bash /path/to/grype_vulners/grype-vulners-db-update.sh -
make sh file executable
chmod +x /path/to/grype_vulners/grype-vulners-db-update.sh -
add workers for databases daily updates
systemctl daemon-reloadsystemctl enable /path/to/grype_vulners/grype-vulners-update.servicesystemctl enable /path/to/grype_vulners/grype-vulners-update.timer -
start worker
systemctl start grype-vulners-update.timer
-
update grype db without vulners db
grype db update -
run command
grype debian -o json > grype_example.json -
start worker following the instructions above and run command again
grype debian -o json > grype_vulners_example.json