grype
feature: table output for --fail-on should only print vulnerabilities equal to or above the severity passed
What happened:
When I run grype --fail-on medium node:latest I should NOT see vulnerabilities in the table less than the value passed to --fail-on
```
grype --fail-on medium node:latest
✔ Vulnerability DB [updated]
✔ Pulled image
✔ Loaded image node:latest
✔ Parsed image sha256:78ef0769157984a5cdeefbf01d5b838bed9db543e09ac58f083519ee39255eb2
✔ Cataloged contents 0d85bfc2f8b20fc97525c61b202ef42728be88f5ab728c9e677e691c35cd9cfc
├── ✔ Packages [623 packages]
├── ✔ File digests [18,703 files]
├── ✔ File metadata [18,703 locations]
└── ✔ Executables [1,330 executables]
✘ Scan for vulnerabilities [637 vulnerability matches]
├── by severity: 11 critical, 55 high, 134 medium, 39 low, 436 negligible (233 unknown)
└── by status: 20 fixed, 888 not-fixed, 271 ignored
NAME                        INSTALLED           FIXED-IN  TYPE  VULNERABILITY   SEVERITY
apt                         2.6.1                         deb   CVE-2011-3374   Negligible
binutils                    2.40-2                        deb   CVE-2023-1972   Negligible
binutils                    2.40-2                        deb   CVE-2021-32256  Negligible
binutils                    2.40-2                        deb   CVE-2018-9996   Negligible
binutils                    2.40-2                        deb   CVE-2018-20712  Negligible
binutils                    2.40-2                        deb   CVE-2018-20673  Negligible
binutils                    2.40-2                        deb   CVE-2018-18483  Negligible
binutils                    2.40-2                        deb   CVE-2017-13716  Negligible
binutils-aarch64-linux-gnu  2.40-2                        deb   CVE-2023-1972   Negligible
binutils-aarch64-linux-gnu  2.40-2                        deb   CVE-2021-32256  Negligible
binutils-aarch64-linux-gnu  2.40-2                        deb   CVE-2018-9996   Negligible
binutils-aarch64-linux-gnu  2.40-2                        deb   CVE-2018-20712  Negligible
binutils-aarch64-linux-gnu  2.40-2                        deb   CVE-2018-20673  Negligible
binutils-aarch64-linux-gnu  2.40-2                        deb   CVE-2018-18483  Negligible
binutils-aarch64-linux-gnu  2.40-2                        deb   CVE-2017-13716  Negligible
binutils-common             2.40-2                        deb   CVE-2023-1972   Negligible
binutils-common             2.40-2                        deb   CVE-2021-32256  Negligible
binutils-common             2.40-2                        deb   CVE-2018-9996   Negligible
binutils-common             2.40-2                        deb   CVE-2018-20712  Negligible
binutils-common             2.40-2                        deb   CVE-2018-20673  Negligible
binutils-common             2.40-2                        deb   CVE-2018-18483  Negligible
binutils-common             2.40-2                        deb   CVE-2017-13716  Negligible
bsdutils                    1:2.38.1-5+deb12u1            deb   CVE-2022-0563   Negligible
```
What you expected to happen: A single small row showing x vulnerabilities not shown.
How to reproduce it (as minimally and precisely as possible): See above command
- Output of `grype version`: v0.79.2
- OS (e.g: `cat /etc/os-release` or similar): OSX
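
An added example, not part of the original issue and not grype's own code: a post-processing filter that produces the table the report asks for from grype's JSON output (`-o json`), keeping only matches at or above a threshold and collapsing the rest into one summary line. The function names are hypothetical, and the severity ordering and the `matches[].artifact` / `matches[].vulnerability` field layout are assumptions about the JSON report.

```python
import json

# Assumed to match the ordering grype uses for --fail-on, lowest to highest.
SEVERITY_ORDER = ["unknown", "negligible", "low", "medium", "high", "critical"]

def rank(severity):
    s = (severity or "unknown").lower()
    return SEVERITY_ORDER.index(s) if s in SEVERITY_ORDER else 0

def split_by_threshold(report, threshold):
    """Return (rows at or above threshold, number of matches below it)."""
    if threshold.lower() not in SEVERITY_ORDER:
        raise ValueError(f"unknown severity: {threshold}")
    floor, shown, hidden = rank(threshold), [], 0
    for m in report.get("matches", []):
        vuln, art = m["vulnerability"], m["artifact"]
        if rank(vuln.get("severity")) < floor:
            hidden += 1
            continue
        fixed = ", ".join((vuln.get("fix") or {}).get("versions") or [])
        shown.append((art["name"], art["version"], fixed, art["type"],
                      vuln["id"], vuln["severity"]))
    shown.sort(key=lambda r: -rank(r[5]))  # most severe first, stable within ties
    return shown, hidden

def render(shown, hidden, threshold):
    """Format the kept rows like grype's table, plus one summary line."""
    rows = [("NAME", "INSTALLED", "FIXED-IN", "TYPE", "VULNERABILITY", "SEVERITY")] + shown
    widths = [max(len(r[i]) for r in rows) for i in range(6)]
    lines = ["  ".join(c.ljust(w) for c, w in zip(r, widths)).rstrip() for r in rows]
    lines.append(f"({hidden} vulnerabilities below {threshold} not shown)")
    return "\n".join(lines)

# Constructed sample in the assumed shape of `grype <image> -o json`. The two
# Negligible rows come from the table above; CVE-EXAMPLE rows are placeholders.
SAMPLE = json.loads("""{"matches": [
 {"artifact": {"name": "apt", "version": "2.6.1", "type": "deb"},
  "vulnerability": {"id": "CVE-2011-3374", "severity": "Negligible", "fix": {"versions": []}}},
 {"artifact": {"name": "binutils", "version": "2.40-2", "type": "deb"},
  "vulnerability": {"id": "CVE-2023-1972", "severity": "Negligible", "fix": {"versions": []}}},
 {"artifact": {"name": "example-lib", "version": "1.2.3", "type": "deb"},
  "vulnerability": {"id": "CVE-EXAMPLE-0001", "severity": "Medium", "fix": {"versions": ["1.2.4"]}}},
 {"artifact": {"name": "example-tool", "version": "0.9", "type": "deb"},
  "vulnerability": {"id": "CVE-EXAMPLE-0002", "severity": "High", "fix": {"versions": []}}}
]}""")

if __name__ == "__main__":
    shown, hidden = split_by_threshold(SAMPLE, "medium")
    print(render(shown, hidden, "medium"))
```

The filter changes only what is displayed; the pass/fail decision still comes from grype's own exit status under `--fail-on`.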