add grype + cheatsheet

grype/README.md

@@ -0,0 +1,36 @@
+---
+title: Grype
+homepage: https://github.com/anchore/grype/
+tagline: |
+ Grype is a vulnerability scanner for container images and filesystems.  
+---
+
+To update or switch versions, run `webi grype@stable` (or `@v0.6`, `@beta`,
+etc)
+
+## Cheat Sheet
+
+> It also helps find vulnerabilites for major operating system and language-specific packages.
+> Supports Docker, OCI and Singularity image formats, OpenVEX support for filtering and augmenting scanning results.
+> Works with `syft`, a powerful `SBOM` (software bill of materials) tool for container images and filesystems
+
+### To scan for vulnerabilities in an image:
+
+```sh
+grype <image>
+```
+
+### To scan all image layers
+
+```sh
+grype <image> --scope all-layers
+```
+
+### To run grype from a Docker container so it can scan a running container
+
+```sh
+docker run --rm \
+--volume /var/run/docker.sock:/var/run/docker.sock \
+--name Grype anchore/grype:latest \
+$(ImageName):$(ImageTag)
+```

grype/install.ps1

@@ -0,0 +1,61 @@
+#!/usr/bin/env pwsh
+
+##################
+# Install grype #
+##################
+
+# Every package should define these variables
+$pkg_cmd_name = "grype"
+
+$pkg_dst_cmd = "$Env:USERPROFILE\.local\bin\grype.exe"
+$pkg_dst = "$pkg_dst_cmd"
+
+$pkg_src_cmd = "$Env:USERPROFILE\.local\opt\grype-v$Env:WEBI_VERSION\bin\grype.exe"
+$pkg_src_bin = "$Env:USERPROFILE\.local\opt\grype-v$Env:WEBI_VERSION\bin"
+$pkg_src_dir = "$Env:USERPROFILE\.local\opt\grype-v$Env:WEBI_VERSION"
+$pkg_src = "$pkg_src_cmd"
+
+New-Item "$Env:USERPROFILE\Downloads\webi" -ItemType Directory -Force | out-null
+$pkg_download = "$Env:USERPROFILE\Downloads\webi\$Env:WEBI_PKG_FILE"
+
+# Fetch archive
+IF (!(Test-Path -Path "$Env:USERPROFILE\Downloads\webi\$Env:WEBI_PKG_FILE"))
+{
+    echo "Downloading grype from $Env:WEBI_PKG_URL to $pkg_download"
+    & curl.exe -A "$Env:WEBI_UA" -fsSL "$Env:WEBI_PKG_URL" -o "$pkg_download.part"
+    & move "$pkg_download.part" "$pkg_download"
+}
+
+IF (!(Test-Path -Path "$pkg_src_cmd"))
+{
+    echo "Installing grype"
+
+    # TODO: create package-specific temp directory
+    # Enter tmp
+    pushd .local\tmp
+
+        # Remove any leftover tmp cruft
+        Remove-Item -Path ".\grype-v*" -Recurse -ErrorAction Ignore
+        Remove-Item -Path ".\grype.exe" -Recurse -ErrorAction Ignore
+
+        # NOTE: DELETE THIS COMMENT IF NOT USED
+        # Move single binary into root of temporary folder
+        #& move "$pkg_download" "grype.exe"
+
+        # Unpack archive file into this temporary directory
+        # Windows BSD-tar handles zip. Imagine that.
+        echo "Unpacking $pkg_download"
+        & tar xf "$pkg_download"
+
+        # Settle unpacked archive into place
+        echo "Install Location: $pkg_src_cmd"
+        New-Item "$pkg_src_bin" -ItemType Directory -Force | out-null
+        Move-Item -Path ".\grype-*\grype.exe" -Destination "$pkg_src_bin"
+
+    # Exit tmp
+    popd
+}
+
+echo "Copying into '$pkg_dst_cmd' from '$pkg_src_cmd'"
+Remove-Item -Path "$pkg_dst_cmd" -Recurse -ErrorAction Ignore | out-null
+Copy-Item -Path "$pkg_src" -Destination "$pkg_dst" -Recurse

grype/install.sh

@@ -0,0 +1,43 @@
+#!/bin/sh
+set -e
+set -u
+
+__init_grype() {
+
+    ##################
+    # Install Grype  #
+    ##################
+
+    # Every package should define these 6 variables
+    pkg_cmd_name="grype"
+
+    pkg_dst_cmd="$HOME/.local/bin/grype"
+    pkg_dst="$pkg_dst_cmd"
+
+    pkg_src_cmd="$HOME/.local/opt/grype-v$WEBI_VERSION/bin/grype"
+    pkg_src_dir="$HOME/.local/opt/grype-v$WEBI_VERSION"
+    pkg_src="$pkg_src_cmd"
+
+    # pkg_install must be defined by every package
+    pkg_install() {
+        # ~/.local/opt/grype-v0.99.9/bin
+        mkdir -p "$(dirname "${pkg_src_cmd}")"
+
+        # mv ./grype ~/.local/opt/grype-v0.99.9/bin/grype
+         mv ./"$pkg_cmd_name"* "$pkg_src"
+    }
+
+    # pkg_get_current_version is recommended, but not required
+    pkg_get_current_version() {
+        # 'grype --version' has output in this format:
+        #       grype 0.99.9 (rev abcdef0123)
+        # This trims it down to just the version number:
+        #       0.99.9
+        grype --version 2> /dev/null |
+            head -n 1 |
+            cut -d ' ' -f 2
+    }
+
+}
+
+__init_grype

grype/releases.js

@@ -0,0 +1,20 @@
+'use strict';
+
+var github = require('../_common/github.js');
+var owner = 'anchore';
+var repo = 'grype';
+
+module.exports = function (request) {
+  return github(request, owner, repo).then(function (all) {
+    return all;
+  });
+};
+
+if (module === require.main) {
+  module.exports(require('@root/request')).then(function (all) {
+    all = require('../_webi/normalize.js')(all);
+    // just select the first 5 for demonstration
+    all.releases = all.releases.slice(0, 5);
+    console.info(JSON.stringify(all, null, 2));
+  });
+}