grype

Features:
- Scan container images, filesystems, and SBOMs for known vulnerabilities
- Supports major OS package ecosystems (Alpine, Debian, Ubuntu, RHEL, Oracle Linux, Amazon Linux, and more)
- Supports language-specific packages (Ruby, Java, JavaScript, Python, .NET, Go, PHP, Rust, and more)
- Supports Docker, OCI, and Singularity image formats
- Threat & risk prioritization with EPSS, KEV, and risk scoring
- OpenVEX support for filtering and augmenting scan results