Why You Shouldn't Use Microsoft Windows11.

...

LMDE5 - Linux Mint Debian Edition.

LMDE5 -...

Why Should I Not Use Windows10?

Here are a...

Grype - Vulnerability scanner for container images and filesystems

English

Grype - Vulnerability scanner for container images and filesystems.

Now here is why you need Grype: You believe your Linux system is 100% secure, it is not. Why is there not a tool like this for Windows? Yes, they do not want you to know.

Anyways in Linux you will atleast find one problem from Google™, way back in 2015 in GoLang, so I threw it out completely.

The other problem is LibreOffices Java, so my recommendation is just simply remove LibreOffice completely and replace it with FreeOffice2021.

Now I decided to install Grype it on its default path, because this is just a test system I am using. It contains no data of personal value and is easily restored when needed.

Grype Features:

Scan the contents of a container image or filesystem to find known vulnerabilities. By default, Grype automatically manages this database for you. Grype checks for new updates to the vulnerability database to make sure that every scan uses up-to-date vulnerability information.

For normal usage, there is no need for users to manage Grype's database! Grype manages its database behind the scenes. However, for users that need more control, Grype provides options to manage the database more explicitly.

Find vulnerabilities for major operating system packages:

  • Alpine
  • Amazon Linux
  • BusyBox
  • CentOS
  • Debian / LMDE5
  • Distroless
  • Oracle Linux
  • Red Hat (RHEL)
  • Ubuntu / Linux Mint

Find vulnerabilities for language-specific packages:

  • Ruby (Gems)
  • Java (JAR, WAR, EAR, JPI, HPI)
  • JavaScript (NPM, Yarn)
  • Python (Egg, Wheel, Poetry, requirements.txt/setup.py files)
  • Dotnet (deps.json)
  • Golang (go.mod)
  • PHP (Composer)
  • Rust (Cargo)
  • Supports Docker, OCI and Singularity image formats.
  • Consume SBOM attestations.

Now the not so good part:

It only finds "known" as in reported vulnerabilities from sources like:

Most problems are in Python Pillow for now, but you should really install this as well as others I recommended to secure your system.

Grype is not available in Debian 11 "Bullseye" repository nor LMDE5 repository.

How to install:

First download grype and install it via a terminal window:

curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin

Press Enter.

I will be installed here:

/usr/local/bin/grype

How to use it:

To do a complete scan of your system:

grype dir:/

Press Enter.

Note: It will not be able to scan some parts that are encrypted.

There are commands to exclude dirs and ignore vulnerabilities not patched, but I think you would want to know, right ?

You can learn more at the developers site...

Developers website

 

Buy Us A Coffee

Here is the link if you want to support us with a small donation.
This may help you and others gain better information and help us with the cost of the server.

Games For Linux

Windows has always been the preferred platform for gaming, but after STEAM's interest in Linux more game developers are making their games natively available for Linux.

Disclaimer

All information on this website is published in good faith and for general educational purposes and for use in safe testing environments only. While linuxexperten.com strives to make the information on this site as accurate as possible, linuxexperten.com does not warrant its completeness, reliability and accuracy.

We are not responsible for any losses or damages associated with the use of our website. While we strive to provide only links to useful websites, we have no control over the content of these sites and links to other sites do not constitute a recommendation for all content contained on these websites.

 

Site Information

This is a professional review site that receives compensation from the companies whose products reviewed. Each service or product are thoroughly tested and given high marks if considered to be the very best. Independently owned and the opinions expressed here are no one elses.

 

Limited Time Offers