Grype has a credential disclosure vulnerability in its JSON output
A credential disclosure vulnerability was found in Grype, affecting versions v0.68.0 through v0.104.0. If registry credentials are defined and the output of grype is written using the –file or –output json=<file> option, the registry credentials will be included unsanitized in the output file.