grype
A vulnerability scanner for container images and filesystems
Bumps [github.com/sigstore/cosign](https://github.com/sigstore/cosign) from 1.10.0 to 1.10.1. Release notes Sourced from github.com/sigstore/cosign's releases. v1.10.1 This release fixes a security issue: cosign verify-attestation --type can report a false positive if any attestation...
Added the newly available environment variables used to change the data staleness to the README. Signed-off-by: Brock Renninger
**What happened**: https://nvd.nist.gov/vuln/detail/CVE-2017-8806

```
{
  "type": "cpe-match",
  "matcher": "java-matcher",
  "searchedBy": {
    "namespace": "nvd:cpe",
    "cpes": [
      "cpe:2.3:a:postgresql:postgresql:42.3.6:*:*:*:*:*:*:*"
    ]
  },
  "found": {
    "versionConstraint": "none (unknown)",
    "cpes": [
      "cpe:2.3:a:postgresql:postgresql:-:*:*:*:*:debian:*:*"
    ]
  }
}
```
...
**What happened**: I'm trying to use grype to search for vulnerabilities in an embedded project using an SBOM file (using the CycloneDX specification). I add embedded components like FreeRTOS, STM32L4 firmware,...
**What happened**: Running grype on a syft-generated BOM for github.com/thediveo/lxkns raises CVE-2002-1647. However, CVE-2002-1647 relates to a web site but not an npm package. **What you expected to happen**: No...
Add the ability to match rust crates against the RustSec DB https://github.com/rustsec/advisory-db
**What happened**: Grype reported ELSA-2022-4803 for the package below on x86-64 Linux:

```
NAME     INSTALLED              FIXED-IN                 TYPE  VULNERABILITY   SEVERITY
rsyslog  8.24.0-57.0.1.el7_9.3  0:8.24.0-57.0.4.el7_9.3  rpm   ELSA-2022-4803  High
```

**What you expected to happen**: ELSA-2022-4803 is...
Hello. Sometimes the command _grype db update_ returns this error: "unable to update vulnerability database: unable to update vulnerability database: unable to download db: stream error: stream ID 1; INTERNAL_ERROR; received...
**What happened**: Grype reports a false positive for CVE-2019-3826 **What you expected to happen**: No false positive for CVE-2019-3826 **How to reproduce it (as minimally and precisely as possible)**: 1....
**What happened**: OWASP Dependency-Track is not listing vulnerabilities (CycloneDX format) from grype; syft is working, however. The grype CycloneDX SBOM only lists components. **What you expected to...