Grype Integration

Integrate with Grype to check your services for vulnerabilities in OpsLevel.

Add a Grype Integration

  1. In the OpsLevel app, click Integrations in the left sidebar.
  2. Click on the + New Integration button.
  3. Click the Grype tile to add the integration.

Create a Check

1. Navigate to the Rubrics sub menu under the Service Health menu in OpsLevel.

2. Hover over the cell that corresponds to the level and category you want your check to live in and click the + Add Check button.

3. Select the Grype integration you created from the Integration dropdown.

4. Choose one of the Check Templates from the dropdown.

Here is what each template is for:

  • No Critical Vulnerabilities: Any service that has critical vulnerabilities in its package manifest file will fail this check.
  • No High Vulnerabilities: Any service that has high vulnerabilities in its package manifest file will fail this check.
  • No Medium Vulnerabilities: Any service that has medium vulnerabilities in its package manifest file will fail this check.
  • No Low Vulnerabilities: Any service that has low vulnerabilities in its package manifest file will fail this check.

5. We will populate the Service Specifier field, which we use to determine what service to run the check for, and the Success Condition field, which we use to determine if the check should pass or fail. We also provide a sample payload to test the check.

Send payload to OpsLevel

The following command sends all of the service's vulnerabilities to OpsLevel, which then runs the check that was created in the previous step.

  grype nginx -s AllLayers -o json | curl -i -X POST 'https://app.opslevel.com/integrations/custom_event/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx?alias=' -H 'content-type: application/json' --data-binary @-

You will need to substitute the integration key from the Grype Integration you created in place of xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.
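
To preview how a report would fare against the four check templates before posting it, the added example below (not OpsLevel's or Grype's own code) counts the matches in a Grype JSON report by severity. It assumes a template passes only when the report has zero matches of that exact severity, as the template descriptions suggest; the function names and the sample report are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample shaped like `grype <image> -o json` output; only the
# fields read below are included, and all names and IDs are made up.
SAMPLE_REPORT = json.dumps({"matches": [
    {"vulnerability": {"id": "EXAMPLE-0001", "severity": "Critical"},
     "artifact": {"name": "examplelib", "version": "1.0.0"}},
    {"vulnerability": {"id": "EXAMPLE-0002", "severity": "High"},
     "artifact": {"name": "examplelib", "version": "1.0.0"}},
    {"vulnerability": {"id": "EXAMPLE-0003", "severity": "High"},
     "artifact": {"name": "othertool", "version": "2.3.1"}},
    {"vulnerability": {"id": "EXAMPLE-0004", "severity": "Medium"},
     "artifact": {"name": "othertool", "version": "2.3.1"}},
]})

# Template name -> severity it looks for (from the template list above).
TEMPLATES = {
    "No Critical Vulnerabilities": "Critical",
    "No High Vulnerabilities": "High",
    "No Medium Vulnerabilities": "Medium",
    "No Low Vulnerabilities": "Low",
}

def severity_counts(report_json):
    """Count matches per severity in a Grype JSON report."""
    report = json.loads(report_json)
    counts = Counter()
    # Tolerate a missing or null "matches" key.
    for match in report.get("matches") or []:
        severity = (match.get("vulnerability") or {}).get("severity") or "Unknown"
        counts[severity.capitalize()] += 1
    return counts

def evaluate_templates(report_json):
    """Return {template name: True if it would pass} (assumed rule: zero matches)."""
    counts = severity_counts(report_json)
    return {name: counts[sev] == 0 for name, sev in TEMPLATES.items()}

if __name__ == "__main__":
    for name, passed in evaluate_templates(SAMPLE_REPORT).items():
        print(f"{'PASS' if passed else 'FAIL'}  {name}")
```

To check a real scan, pass the text produced by `grype <image> -o json` to `evaluate_templates` in place of `SAMPLE_REPORT`.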

To learn more about the Grype CLI, you can read their docs.