Will the pre-commit hook slow down my development?

Grype is optimized for speed and leverages database caching. You can also configure it to only block on CRITICAL vulnerabilities to balance security with productivity.

Can I use this for non-containerized projects?

Yes. While it excels at container scanning, it can also scan your project directory to identify vulnerabilities in package manager files like package.json, requirements.txt, or pom.xml.

Which vulnerability scanner does this skill use?

This skill primarily utilizes Grype, an open-source vulnerability scanner from Anchore, known for its speed and comprehensive database of vulnerabilities.

Does this skill work with CI/CD platforms?

Yes, it provides workflows for integrating Grype into GitHub Actions and other CI/CD pipelines to ensure automated security checking on every build.

How do I handle false positives or unfixable vulnerabilities?

Grype supports ignore functionality and allowlists, and this skill provides guidance on documenting accepted risks and adjusting severity thresholds.

Container Vulnerability Scanner

Name: Container Vulnerability Scanner
Author: NASA-AMMOS

byNASA-AMMOS

•

보안 및 테스팅

Automates container and dependency vulnerability detection using Grype to secure software development workflows and CI/CD pipelines.

This skill integrates the open-source Grype vulnerability scanner into your development environment, enabling automated security audits of container images and software dependencies. It provides a comprehensive framework for identifying known vulnerabilities (CVEs) across multiple ecosystems including NPM, Maven, PyPI, and Docker/OCI images. By implementing manual scans, pre-commit hooks, and CI/CD integration, the skill helps developers maintain security compliance and catch critical risks early in the software lifecycle before code reaches production.

주요 기능

01High-speed vulnerability scanning for OCI and Docker images

02Detailed remediation guidance with CVE identification and fix versions

03Automated pre-commit security gates to prevent vulnerable pushes

04Configurable severity-based failure thresholds (Critical, High, etc.)

0531 GitHub stars

06Deep dependency analysis for NPM, Maven, PyPI, and more

사용 사례

01Performing bulk dependency audits for repository maintenance

02Integrating vulnerability scanning into GitHub Actions or CI/CD pipelines

03Setting up automated security gates for containerized applications

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add nasa-ammos/slim slim-container-vulnerability-scanning

For use in Claude.ai and ChatGPT

Download Skill