
Grype Scanner Reference

You can set up a Security step with Grype to detect vulnerabilities and misconfigurations in your container images.

Important Notes

Required Settings

  • product_name = grype
  • scan_type = orchestratedScan
  • product_config_name = default
  • container_domain — The image registry domain, for example docker.io
  • container_project — The image owner and project, for example harness/delegate
  • container_tag — The tag of the image to scan, for example latest
  • container_type — Set to local_image, docker_v2, jfrog_artifactory, or aws_ecr

The following settings are also required, depending on the container type:

  • if container_type = docker_v2
    • container_access_id: Username
    • container_access_token: Password/token
  • if container_type = aws_ecr
    • container_access_id: Username
    • container_access_token: Password/token
    • container_region: Image registry AWS region
  • if container_type = jfrog_artifactory
    • container_access_id: Username
    • container_access_token: Password/token
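
The following pre-flight check is an added example, not part of the Harness documentation or the Grype project. It validates a settings mapping against the rules listed above before the step runs. The function name `check_settings`, the sample values, and the reading that `local_image` needs no extra settings (the page lists none for it) are assumptions.

```python
# Added example: validate Grype Security-step settings against the rules above.
# check_settings and all sample values are hypothetical, constructed for illustration.
FIXED = {"product_name": "grype", "scan_type": "orchestratedScan",
         "product_config_name": "default"}
ALWAYS = ["container_domain", "container_project", "container_tag", "container_type"]
CREDS = ["container_access_id", "container_access_token"]
BY_TYPE = {
    "local_image": [],  # assumption: the page lists no extra settings for this type
    "docker_v2": CREDS,
    "aws_ecr": CREDS + ["container_region"],
    "jfrog_artifactory": CREDS,
}

def _missing(settings, key):
    """True when the key is absent, None, or only whitespace."""
    return not str(settings.get(key) or "").strip()

def check_settings(settings):
    """Return a list of problems; an empty list means the settings are complete."""
    problems = []
    for key, expected in FIXED.items():
        actual = settings.get(key)
        if actual != expected:
            problems.append(f"{key} must be {expected!r}, got {actual!r}")
    for key in ALWAYS:
        if _missing(settings, key):
            problems.append(f"{key} is required")
    ctype = settings.get("container_type")
    if ctype and ctype not in BY_TYPE:
        problems.append(f"container_type {ctype!r} is not one of {sorted(BY_TYPE)}")
    for key in BY_TYPE.get(ctype, []):
        if _missing(settings, key):
            problems.append(f"{key} is required when container_type = {ctype}")
    return problems

# Constructed sample: an ECR scan with container_region left out.
SAMPLE = {
    "product_name": "grype", "scan_type": "orchestratedScan",
    "product_config_name": "default", "container_domain": "docker.io",
    "container_project": "harness/delegate", "container_tag": "latest",
    "container_type": "aws_ecr", "container_access_id": "example-user",
    "container_access_token": "<token-placeholder>",
}

if __name__ == "__main__":
    for problem in check_settings(SAMPLE):
        print(problem)
```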