This is a watcher repository surrounding Anchore's Grype to package the current vulnerabilty database into the container image. This makes it easier to run Grype in an offline or air-gapped environment.

As this is a wrapper around the Grype image, the usage is the same as the Grype image. The only difference is that the Grype image is now kchason/grype-packed instead of anchore/grype.

For example, to scan a container image:

docker run --rm \
--volume /var/run/docker.sock:/var/run/docker.sock \
--name Grype kchason/grype-packed:latest \
$(ImageName):$(ImageTag)

Full documentation is available in the Grype repository: https://github.com/anchore/grype

All images are based off the latest Grype image (anchore/grype:latest).

The latest image in this repository (kchason/grype-packed:latest) is the most up to date image. Images are alternatively tagged with their build date which contains the date the image was built in the format YYYYMMDD (e.g. kchason/grype-packed:20240801).