Habilidades container-grype Historial de auditorías
📦

Historial de auditorías

container-grype - 6 auditorías

Versión de auditoría 6

Más reciente Riesgo medio

Jun 28, 2026, 06:18 AM

Static analysis found many command, network, filesystem, environment, and script patterns, but most are documentation examples for legitimate vulnerability scanning workflows. The confirmed risks are operational: some CI templates install tools with curl piped to a shell and one Jenkins example mounts the Docker socket, so publication is acceptable only with clear warnings and review guidance.

10
Archivos escaneados
3,459
Líneas analizadas
9
Review items
0
False positives ignored

Confirmed security concerns (1)

Medio
Docker Socket Mounted Into Jenkins Scan Container
The Jenkins example mounts /var/run/docker.sock into the Grype container. This is sometimes required for image scanning, but it gives the scan container broad control over the Docker daemon if the container or pipeline is compromised.
The Docker socket mount is explicitly present in the Jenkins CI example. It is a legitimate operational pattern, but it materially expands pipeline privileges.
Capability review items (3)

These are real local capabilities that may be expected for this skill, so they require review but are not counted as confirmed malicious behavior.

Medio
Remote Installer Piped to Shell in CI Templates
The CircleCI and Azure examples install Grype by downloading a script from GitHub and piping it directly to a shell. This is a real supply-chain risk if users copy the templates without pinning, checksum verification, or controlled package sources.
The pattern is present in executable CI snippets and would execute remote code during builds. Confidence is high, but the context is an example template for a security scanner rather than hidden malicious behavior.
Bajo
Educational Security Examples Trigger Static Patterns
Several findings are false positives from educational examples that demonstrate vulnerable patterns, CVSS concepts, CISA KEV prioritization, or remediation guidance. These examples are not executed by the skill itself.
The surrounding files are clearly templates or reference documents, and the flagged lines are used to teach detection and remediation. They should be documented, but they do not show active malicious behavior.
Bajo
Normal CI Token and Local Configuration Access
The GitHub token, environment variable, .grype.yaml, cache directory, and report file reads are expected for CI security reporting and Grype configuration. No evidence found that the skill exfiltrates secrets or reads unrelated user files.
The evidence appears in CI configuration and local Grype configuration examples. It remains low risk because users may copy the templates into privileged environments.

Patrones detectados

Pipe to Shell Installation PatternPrivileged Docker Daemon AccessShell Command Examples Require Input Control
Auditado por: codex

Versión de auditoría 5

Seguro

Jan 16, 2026, 03:18 PM

Documentation-only skill containing markdown files and YAML configuration templates for the open-source Grype vulnerability scanner. All 332 static findings are false positives - the scanner flagged shell command examples (177), URL references (45), and environment variable patterns (27) in documentation as security issues. No executable code exists. This skill provides documentation and workflows for container vulnerability scanning but performs no actual scanning, network access, or file system operations beyond reading its own documentation files.

11
Archivos escaneados
3,702
Líneas analizadas
4
Review items
0
False positives ignored
Auditado por: claude

Versión de auditoría 4

Seguro

Jan 16, 2026, 03:18 PM

Documentation-only skill containing markdown files and YAML configuration templates for the open-source Grype vulnerability scanner. All 332 static findings are false positives - the scanner flagged shell command examples (177), URL references (45), and environment variable patterns (27) in documentation as security issues. No executable code exists. This skill provides documentation and workflows for container vulnerability scanning but performs no actual scanning, network access, or file system operations beyond reading its own documentation files.

11
Archivos escaneados
3,702
Líneas analizadas
4
Review items
0
False positives ignored
Auditado por: claude

Versión de auditoría 3

Seguro

Jan 10, 2026, 10:19 AM

Documentation-only skill with no executable code. Contains only markdown documentation and YAML configuration templates for the open-source Grype vulnerability scanner. No scripts, network calls, or file system access beyond its own documentation files.

10
Archivos escaneados
3,159
Líneas analizadas
0
Review items
0
False positives ignored
No se encontraron problemas de seguridad
Auditado por: claude

Versión de auditoría 2

Seguro

Jan 10, 2026, 10:19 AM

Documentation-only skill with no executable code. Contains only markdown documentation and YAML configuration templates for the open-source Grype vulnerability scanner. No scripts, network calls, or file system access beyond its own documentation files.

10
Archivos escaneados
3,159
Líneas analizadas
0
Review items
0
False positives ignored
No se encontraron problemas de seguridad
Auditado por: claude

Versión de auditoría 1

Seguro

Jan 10, 2026, 10:19 AM

Documentation-only skill with no executable code. Contains only markdown documentation and YAML configuration templates for the open-source Grype vulnerability scanner. No scripts, network calls, or file system access beyond its own documentation files.

10
Archivos escaneados
3,159
Líneas analizadas
0
Review items
0
False positives ignored
No se encontraron problemas de seguridad
Auditado por: claude