This guide demonstrates how to use a PodArmor Grype fork to scan a container image for vulnerabilities.

Introduction

PodArmor creates its own packages and distribution from scratch, so scanning its images currently requires a fork of Grype that adds a PodArmor provider, as described in Vunnel. The forks are available at PodArmor Grype and PodArmor Vunnel. For ease of use, we also create a Docker image of the build process, available at Vulnerability Scanner. You can also use the Dockerfile to build your own image. The rest of this guide shows how to use this image to scan PodArmor container images for vulnerabilities.

Pull the PodArmor Grype Image

Pull the PodArmor Grype image using the following command:
docker pull podarmor/grype:latest

Scan a container image

To scan a container image, run the following command:
docker run podarmor/grype:latest parmor.azurecr.io/podarmor-base/podarmor-base:12
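To scan a container image in a private registry, pass the registry credentials as environment variables and run the following command, where <image> is the image to scan:
docker run -e REGISTRY_URL=<url> -e REGISTRY_USERNAME=<username> -e REGISTRY_PASSWORD=<token> podarmor/grype:latest <image>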
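
The private-registry scan above, wrapped as an added example (not PodArmor's own script): the credentials are handed to docker by name with -e NAME, so the token never appears on the command line, in shell history or in process listings. It assumes the scanner image takes the image to scan as its argument, as in the public scan command; scan_private_image, require_creds and DRY_RUN are names introduced here.

```shell
#!/bin/sh
# Added example, not part of the PodArmor tooling.
# Scanner image name as given in this guide; override to use a pinned tag or digest.
SCANNER_IMAGE="${SCANNER_IMAGE:-podarmor/grype:latest}"

# Return 1 if any credential variable the scanner image reads is missing.
require_creds() {
  for name in REGISTRY_URL REGISTRY_USERNAME REGISTRY_PASSWORD; do
    eval "value=\${$name:-}"          # indirect lookup; names are fixed above
    if [ -z "$value" ]; then
      echo "error: $name is not set" >&2
      return 1
    fi
  done
}

# Scan the private image given as $1.
# With DRY_RUN=1 the docker command is printed instead of executed.
scan_private_image() {
  target="$1"
  if [ -z "$target" ]; then
    echo "usage: scan_private_image <image>" >&2
    return 1
  fi
  require_creds || return 1
  # "-e NAME" without "=value" copies the value from the caller's environment,
  # so the variables must be exported before docker starts.
  export REGISTRY_URL REGISTRY_USERNAME REGISTRY_PASSWORD
  set -- docker run --rm \
    -e REGISTRY_URL -e REGISTRY_USERNAME -e REGISTRY_PASSWORD \
    "$SCANNER_IMAGE" "$target"
  if [ "${DRY_RUN:-0}" = 1 ]; then
    echo "$*"
  else
    "$@"
  fi
}

# When called as a script with an image argument, run the scan.
if [ "$#" -gt 0 ]; then
  scan_private_image "$@"
fi
```

Set the three REGISTRY_* variables from a secret store or CI secret rather than typing them, then call the script with the image to scan.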