Name | grummage |
Version | 1.0.0 |
home_page | None |
Summary | Interactive terminal frontend for Grype to view vulnerabilities. |
upload_time | 2025-08-20 12:44:02 |
maintainer | None |
docs_url | None |
author | None |
requires_python | >=3.8 |
license | MIT License
Copyright (c) 2024 Alan Pope
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE. |
keywords | sbom, security, supply-chain, terminal, tui |
requirements | textual |
# Grummage
Grype + Rummage = Grummage.
Grummage is an interactive terminal frontend to [Grype](https://github.com/anchore/grype).

## Introduction
[Grype](https://github.com/anchore/grype) is an awesome vulnerability scanner. It produces minimal textual output, or verbose JSON files. I wanted something to rummage around in the JSON, without having to learn arcane jq syntax ;).
So Grummage was born.
## Installation
Grummage is written in Python and requires Python 3.8 or later.
### Pre-requisites
Grummage requires the [Grype](https://github.com/anchore/grype) binary in your path to function.
You may want to confirm the Grype command line works, and has updated the vulnerability database first.
```shell
grype --version
```
```
grype 0.84.0
```
```shell
grype db update
```
```
✔ Vulnerability DB [no update available]
No vulnerability database update available
```
### From PyPI (Recommended)
The easiest way to install grummage is from PyPI:
```shell
pip install grummage
```
### From GitHub Releases
Download the latest release from the [GitHub releases page](https://github.com/popey/grummage/releases).
### Using Homebrew (macOS/Linux)
```shell
brew tap popey/grummage
brew install grummage
```
### Using Docker
Note: `-it` is required for interaction with the application. Setting the `TERM` variable allows for better colour support.
```shell
docker run --rm -it -e TERM=xterm-256color -v "$(pwd)":/data ghcr.io/popey/grummage:latest /data/your-sbom.json
```
### Using Snap
```shell
sudo snap install grummage
```
### From Source
For development or if you prefer to install from source:
```shell
git clone https://github.com/popey/grummage
cd grummage
pip install -e .
```
### Using uv (Alternative)
If you use [uv](https://github.com/astral-sh/uv) for Python environment management:
```shell
git clone https://github.com/popey/grummage
cd grummage
uv venv
source .venv/bin/activate # On Windows: .venv\Scripts\activate
uv pip install -e .
```
## Usage
Point grummage at an SBOM (Software Bill of Materials):
```shell
grummage ./example_sboms/nextcloud-latest-syft-sbom.json
```
Grummage will load the SBOM and pass it through Grype to build the vulnerability list.
Use the cursor keys or mouse to navigate the tree on the left pane.
Press Enter or mouse click on a vulnerability to obtain limited details.
### Keys:
* `e` - Request further details via `grype explain`
* `q` - Quit
Sort by:
* `n` - Name of package
* `v` - Vulnerability ID
* `t` - Type of package
* `s` - Severity of issue
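
The same four sort orders can be reproduced outside the TUI, for example in a CI job, by flattening the JSON that `grype -o json` emits. The sketch below is an added example, not Grummage's own code; it assumes the report keeps matches under `matches[]` with `vulnerability.id`, `vulnerability.severity`, `artifact.name`, `artifact.version` and `artifact.type`, and the sample report and its identifiers are constructed placeholders.

```python
import json

# Most urgent first; severities not listed here sort after "Unknown".
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2,
                 "Low": 3, "Negligible": 4, "Unknown": 5}

# Constructed sample shaped like `grype -o json` output; IDs are placeholders.
SAMPLE_REPORT = json.dumps({"matches": [
    {"vulnerability": {"id": "CVE-0000-0002", "severity": "Low"},
     "artifact": {"name": "zlib", "version": "1.2.11", "type": "deb"}},
    {"vulnerability": {"id": "CVE-0000-0001", "severity": "Critical"},
     "artifact": {"name": "openssl", "version": "3.0.2", "type": "deb"}},
    {"vulnerability": {"id": "GHSA-0000-0000-0003", "severity": "High"},
     "artifact": {"name": "requests", "version": "2.25.0", "type": "python"}},
    {"vulnerability": {"id": "CVE-0000-0004"},  # severity missing on purpose
     "artifact": {"name": "busybox", "version": "1.36.0", "type": "apk"}},
]})


def flatten(report_json):
    """Return one flat row per Grype match, tolerating missing fields."""
    rows = []
    for match in json.loads(report_json).get("matches") or []:
        vuln = match.get("vulnerability") or {}
        art = match.get("artifact") or {}
        rows.append({
            "package": art.get("name") or "?",
            "version": art.get("version") or "?",
            "type": art.get("type") or "?",
            "id": vuln.get("id") or "?",
            "severity": vuln.get("severity") or "Unknown",
        })
    return rows


# Keys mirror the single-letter sort bindings n, v, t and s.
SORT_KEYS = {
    "n": lambda r: (r["package"].lower(), r["id"]),
    "v": lambda r: (r["id"], r["package"].lower()),
    "t": lambda r: (r["type"], r["package"].lower()),
    "s": lambda r: (SEVERITY_RANK.get(r["severity"], 99), r["package"].lower()),
}


def sort_rows(rows, key):
    """Sort flattened rows by one of 'n', 'v', 't' or 's'."""
    return sorted(rows, key=SORT_KEYS[key])


if __name__ == "__main__":
    for r in sort_rows(flatten(SAMPLE_REPORT), "s"):
        print(f'{r["severity"]:<9} {r["id"]:<20} {r["package"]} {r["version"]} ({r["type"]})')
```

A match with no severity is ranked as `Unknown` rather than dropped, so it still shows up at the bottom of a severity-sorted list.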
## Making SBOMs
I use [Syft](https://github.com/anchore/syft) to generate SBOMs, but other tools are available. For example:
```shell
syft nextcloud:latest -o syft-json=nextcloud-latest-syft-sbom.json
```
```
✔ Loaded image nextcloud:latest
✔ Parsed image sha256:44c884988b43e01e1434a66f58943dc809a193abf1a6df0f2cebad450e587ad7
✔ Cataloged contents bdca3ed5b303726bba5579564ab8fe5df700d637ae04f00689443260b26cc832
├── ✔ Packages [418 packages]
├── ✔ File digests [10,605 files]
├── ✔ File metadata [10,605 locations]
└── ✔ Executables [1,317 executables]
```
## Distribution
Grummage is available through multiple distribution channels:
- **PyPI**: `pip install grummage`
- **Homebrew**: `brew tap popey/grummage && brew install grummage`
- **Docker**: `ghcr.io/popey/grummage:latest`
- **Snap**: `sudo snap install grummage`
- **GitHub Releases**: Pre-built packages available
## Caveats
I am an open-source enthusiast and self-taught coder creating projects driven by curiosity and a love for problem-solving. The code may have bugs or sharp edges. Kindly let me know if you find one, via an [issue](https://github.com/popey/grummage/issues). Thanks.
Raw data
{
"_id": null,
"home_page": null,
"name": "grummage",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": null,
"keywords": "sbom, security, supply-chain, terminal, tui",
"author": null,
"author_email": "Alan Pope <alan@popey.com>",
"download_url": "https://files.pythonhosted.org/packages/da/4f/718af737ae7e8de69bada1b011076a9668b7f107e4b6ab30c4c2be1ede81/grummage-1.0.0.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "MIT License\n \n Copyright (c) 2024 Alan Pope\n \n Permission is hereby granted, free of charge, to any person obtaining a copy\n of this software and associated documentation files (the \"Software\"), to deal\n in the Software without restriction, including without limitation the rights\n to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\n copies of the Software, and to permit persons to whom the Software is\n furnished to do so, subject to the following conditions:\n \n The above copyright notice and this permission notice shall be included in all\n copies or substantial portions of the Software.\n \n THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\n OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\n SOFTWARE.",
"summary": "Interactive terminal frontend for Grype to view vulnerabilities.",
"version": "1.0.0",
"project_urls": {
"Documentation": "https://github.com/popey/grummage#readme",
"Homepage": "https://github.com/popey/grummage",
"Issues": "https://github.com/popey/grummage/issues",
"Repository": "https://github.com/popey/grummage"
},
"split_keywords": [
"sbom",
" security",
" supply-chain",
" terminal",
" tui"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "e40794d02f98b81dfcc74662c447b5e010b71ddd54f55c42552433971fa30c80",
"md5": "08a9517a3b50e7c4647ddccdd1b41af3",
"sha256": "581bfda9d67ab34e501dde8b362db9519f5a8aedeb4a85ec5c5e86f397b561b3"
},
"downloads": -1,
"filename": "grummage-1.0.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "08a9517a3b50e7c4647ddccdd1b41af3",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 23234,
"upload_time": "2025-08-20T12:44:00",
"upload_time_iso_8601": "2025-08-20T12:44:00.870725Z",
"url": "https://files.pythonhosted.org/packages/e4/07/94d02f98b81dfcc74662c447b5e010b71ddd54f55c42552433971fa30c80/grummage-1.0.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "da4f718af737ae7e8de69bada1b011076a9668b7f107e4b6ab30c4c2be1ede81",
"md5": "da6253e934f2add7184c42905cb13752",
"sha256": "95afff3fc5d99ff4306e5b3ac49c01061fb1118ff37b13b23ada2dcb82de536a"
},
"downloads": -1,
"filename": "grummage-1.0.0.tar.gz",
"has_sig": false,
"md5_digest": "da6253e934f2add7184c42905cb13752",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 8410987,
"upload_time": "2025-08-20T12:44:02",
"upload_time_iso_8601": "2025-08-20T12:44:02.249003Z",
"url": "https://files.pythonhosted.org/packages/da/4f/718af737ae7e8de69bada1b011076a9668b7f107e4b6ab30c4c2be1ede81/grummage-1.0.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-08-20 12:44:02",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "popey",
"github_project": "grummage#readme",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [
{
"name": "textual",
"specs": [
[
">=",
"0.85.0"
]
]
}
],
"lcname": "grummage"
}