Releases: anchore/grype
Releases · anchore/grype
v0.84.0
Added Features
- Add support for scanning single purl from the CLI [#2225 #2223 @wagoodman]
Bug Fixes
- Docker reports 0 vulnerabilities. Same file reports many vulnerabilites when ran directly on linux server [#2235]
- Flaky checks on STDIN for purl provider [#2192 #2223 @wagoodman]
- Missing alpine patch version yields inaccurate results [#2222 #2226 @wagoodman]
Additional Changes
- update Syft to v1.16.0 [#2237 @anchore-actions-token-generator]
Contributors
wagoodman
Assets 20
- 1.42 KB
2024-11-05T15:03:55Z - 3.09 KB
2024-11-05T15:03:56Z - 96 Bytes
2024-11-05T15:03:56Z - 18.9 MB
2024-11-05T15:03:50Z - 17.6 MB
2024-11-05T15:03:50Z - 18.2 MB
2024-11-05T15:03:55Z - 18.9 MB
2024-11-05T15:03:53Z - 18.1 MB
2024-11-05T15:03:49Z - 16.9 MB
2024-11-05T15:03:53Z - 17.4 MB
2024-11-05T15:03:52Z -
2024-11-05T14:54:48Z -
2024-11-05T14:54:48Z - Loading
v0.83.0
v0.82.2
Bug Fixes
- azurelinux considered as comprehensive distro [#2197 @westonsteimel]
- Java archive cataloger performance in 0.82.x much slower than 0.81.0 [#2200]
Additional Changes
- Update to Syft v1.14.2 [#2203 @wagoodman]
Contributors
wagoodman and westonsteimel
Assets 20
v0.82.1
Bug Fixes
- Skip matching on packages with missing version info [#2182 @wagoodman]
- correctly identify version of traefik binaries [#2178 #2179 @westonsteimel]
- RPM version comparison oddity with release field [#398 #2188 @wagoodman]
- purl with epoch should be used even if version is missing epoch [#2170 #2186 @wagoodman]
Additional Changes
- bump syft in quality gate to v1.14.0 [#2187 @westonsteimel]
Contributors
wagoodman and westonsteimel
Assets 20
v0.82.0
Added Features
- performance: only check for a new DB once every 2 hours (configurable) [#2148 @wagoodman]
- wordpress-plugin support [#1553 @disc]
Bug Fixes
- use fix info from secDB in APK matcher even if NVD fix info present [#2162 @willmurphyscode]
Breaking Changes
- Split v1-5 DB distribution concerns to a new
legacypackage [#2124 #2144 @wagoodman]
Additional Changes
Contributors
disc, wagoodman, and 2 other contributors
Assets 20
v0.81.0
Added Features
- add distro mapping for azure linux 3 [#1848 @willmurphyscode]
- Support for Azure Linux 3.0 [#1829]
Contributors
willmurphyscode
Assets 20
v0.80.2
Bug Fixes
- find secdb entries for origin packages [#1602 @luhring]
- Matching java binary packages with NVD records is problematic [#1718 #2114 @wagoodman]
- LoadVulnerabilityDB could be faster with ValidateByHashOnGet [#1502 #2054 @lucasrod16]
Additional Changes
- update Syft to v1.13.0 [#2140 @anchore-actions-token-generator]
- include file specifier in help [#2121 @willmurphyscode]
Contributors
wagoodman, luhring, and 2 other contributors
Assets 20
v0.80.1
Bug Fixes
- CVE-2024-3154 found with latest version [#1834 #2091 @spiffcs]
Additional Changes
- Update Syft to 1.12.2 [#2108]
Contributors
spiffcs
Assets 20
v0.80.0
Added Features
- Add info subcommand in order to query grype db vulnerabilities [#1629 #2031 @tomersein]
Bug Fixes
- correctly close the db file in v4/v5 stores [#2066 @AndreiStefanie]
- Grype panics with a nil pointer dereference error when given an empty string argument [#2063 #2064 @lucasrod16]
- Ignoring search results when CPE is not set in the SBOM [#2039 #2040 @aeg]
- "No vulnerability database update available" when actually the check for an update was unsuccessful [#310 #1247 @shanedell]
- CycloneDX output
metadata.propertiesset tonullinstead of empty array or omitted [#1759]
Additional Changes
Contributors
aeg, kzantow, and 4 other contributors
Assets 20
v0.79.6
Bug Fixes
- Failed to parse constraint of CVE-2024-6345 which fails the scan [#2048 #2049 @wagoodman]
Contributors
wagoodman