Grype Security Scanning

See ADR-0003 for why Grype over Trivy.

Installation

curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin

Basic Scan

grype IMAGE:TAG

Fail on High Severity (pipeline gate)

grype IMAGE:TAG --fail-on high