A CLI tool and Go library for checking licenses in container images, SBOMs, and filesystems. Works seamlessly with Syft for license investigation and policy enforcement.
- Check licenses in container images, SBOMs, and filesystems
- Categorize licenses by risk level (permissive, weak copyleft, strong copyleft)
- Define and enforce license policies with allow/deny lists
- Works seamlessly with Syft SBOMs
- Multiple output formats (table, JSON) for CI/CD integration
Tip
New to Grant? Check out the Getting Started guide for a walkthrough!
The quickest way to get up and going:
```bash
curl -sSfL https://get.anchore.io/grant | sudo sh -s -- -b /usr/local/bin
```

Tip
See Installation docs for more ways to get Grant!
List licenses within a container image or directory:
```bash
# container image
grant list redis:latest
# directory
grant list dir:.
# SBOM document
grant list sbom.spdx.json
```

Check licenses against a policy:

```bash
grant check redis:latest
```

Tip
Check out the Getting Started guide to explore all of the capabilities and features.
Want to define license policies? Check out the policy guide.
We encourage users to help make these tools better by submitting issues when they find a bug or want a new feature. Check out our contributing overview and developer-specific documentation if you are interested in providing code contributions.
Grant development is sponsored by Anchore, and is released under the Apache-2.0 License.
For commercial support options, please contact Anchore.