答案1
可以通过 wsl 2 for windows 10 安装 https://en.wikipedia.org/wiki/Windows_Subsystem_for_Linux
(我个人发现它比 docker 版本更好,大约快 30-40%,但这可能只是我的本地机器)
指示:
为 Windows 10 安装 wsl 2
更多信息:https://docs.microsoft.com/en-us/windows/wsl/install-win10
在 wsl 2 中通过脚本安装 grype 到本地挂载目录
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /mnt/c/xxx # in my case /mnt/c/dev/bin/grype/ === "C:\dev\bin\grype" curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /mnt/c/dev/bin/grype/
将安装 grype 的路径添加到您的 PATH 中(对我来说是“C:\dev\bin\grype”)
更多信息:https://www.architectryan.com/2018/03/17/add-to-the-path-on-windows-10/
在 Windows 上的 wsl 2 linux 中打开 grype
结果:
local@DESKTOP-GPVF0RR:~$ grype version
Application: grype
Version: 0.13.0
BuildDate: 2021-06-02T01:57:12Z
GitCommit: 3d21b8397d65770d292184b09a4f676bce6f3ec8
GitTreeState: clean
Platform: linux/amd64
GoVersion: go1.16.4
Compiler: gc
Supported DB Schema: 3
带扫描
local@DESKTOP-GPVF0RR:~$ grype python --scope all-layers
✔ Vulnerability DB [updated]
✔ Parsed image
✔ Cataloged packages [1349 packages]
✔ Scanned image [4054 vulnerabilities]
NAME INSTALLED FIXED-IN VULNERABILITY SEVERITY
apt 1.8.2.3 CVE-2011-3374 Negligible
bash 5.0-4 CVE-2019-18276 Negligible
binutils 2.31.1-16 CVE-2018-18483 Negligible
....