Grype Versions

A vulnerability scanner for container images and filesystems

v0.77.2

2 weeks ago

Bug Fixes

  • update ignored vulnerability count in tui [#1837 @kzantow]
  • SARIF output not compatible with GitHub [#1518 #1838 @kzantow]

(Full Changelog)

v0.77.1

3 weeks ago

Additional Changes

  • update Syft to v1.3.0 [#1832 @anchore-actions-token-generator]

(Full Changelog)

v0.77.0

4 weeks ago

Added Features

  • add linux and libc-dev headers ignore rules for debian packages [#1809 @zhill]
  • use Go main module version when possible [#1797 @luhring]

Additional Changes

  • Add providers' pull date to DB metadata structure [#1795 @asomya]
  • config: add config opt in golang pseudo version main module comparison [#1816 @spiffcs]

(Full Changelog)

v0.76.0

1 month ago

Added Features

  • Database download timeouts [#1731 #1777 @willmurphyscode]

Bug Fixes

  • Disable matching kernel vulnerabilities by default for indirect matches against the 'kernel-headers' packages [#1762 #1787 @zhill]

Additional Changes

(Full Changelog)

v0.75.0

1 month ago

Added Features

  • update syft source providers [#1727 @kzantow]
  • enable http timeout [#1777 @willmurphyscode]

Bug Fixes

  • use "path/filepath" to build file path [#1767 @seiyab]
  • Suppress warnings when matching go packages with devel version [#1752 @wagoodman]
  • not showing poco CVEs from syft generated sbom [#1737]

(Full Changelog)

v0.74.7

2 months ago

Bug Fixes

  • return exit codes from install script [#1725 @hacst]
  • GitHub code scanning alerts missing information [#1715 #1720 @kzantow]

Additional Changes

  • update Syft to v0.105.1 [#1728]

(Full Changelog)

v0.74.6

3 months ago

Bug Fixes

  • ensure version output to stdout [#1709 @kzantow]
  • Seeing "WARN some package(s) are missing CPEs" but it's not clear why [#1634 #1710 @willmurphyscode]

(Full Changelog)

v0.74.5

3 months ago

Additional Changes

  • Bump Syft in Grype to pull in unmarshaling fix [#1703 @willmurphyscode]

(Full Changelog)

v0.74.4

3 months ago

Security Fixes

  • Upgrade syft to v0.103.1 [#1688 @wagoodman]

(Full Changelog)

v0.74.3

3 months ago

Bug Fixes

  • Fix matching when RPM modularity is a factor [#1679 @wagoodman]
  • VEX documents not taken into account when --fail-on is set [#1639 #1657 @ferozsalam]

Additional Changes

  • break assumption that syft cpe.CPE is wfn.Attributes [#1675 @willmurphyscode]

(Full Changelog)