grype

A vulnerability scanner for container images and filesystems

Results 378 grype issues

**What happened**: Apache Activemq Artemis Native (https://github.com/apache/activemq-artemis-native) is being mapped to activemq even though it's a separate project and is managed independently. Examples: Latest activemq-artemis-native=1.0.2, but appears it is be...

bug
false positive

How to solve this? Thank you very much. #syft packages ./tidb/ -o syft-json > tidb_syft-packages.json #grype sbom:./tidb_syft-packages.json ---start--- ......... ......... ......... [0010] WARN unknown package metadata type="" for packageID="fd1baa641b196868"...

bug

**What happened**: I'm scanning a CycloneDX SBOM with the following component: ``` { "type": "framework", "name": "java.8-jdk", "version": "1.8.0.332", "publisher": "Adoptium", "cpe": "cpe:2.3:a:oracle:jdk:1.8.0:update332:*:*:*:*:*:*", "purl": "pkg:generic/[email protected]?arch=amd64" } ``` Grype does not...

bug
false positive

**What happened:** When using grype to check a CycloneDX SBOM not produced by syft, Java vulnerabilities were not detected. **What you expected to happen:** Vulnerabilities should be found by language...

bug
false negative

**What happened**: When grype scans tomcat images it is reporting CVE: 2016-5425 and CVE:2016-6325 pointing to a tomcat-jdbc.jar file Even if you look in the JAR file, the tomcat.conf file...

bug
false positive

**What happened**: Attempted to scan both the Grafana 8.2.2 Enterprise and Grafana 8.2.2 OSS releases and neither flagged this CVE. Verified that the CVE was present by using the blog...

bug
false-negative

**What happened**: Grype shows "No vulnerability database update available" when it _hasn't actually_ checked to see if a database update is available. **What you expected to happen**: If Grype is...

bug
good first issue

**What happened**: While running CI tests, got problems when the database check ran: ``` go run ../../main.go ubuntu:latest -vv -o cyclonedx > bom.xml [0000] DEBUG Application config: configpath: "" presenteropt:...

enhancement
good-first-issue

`install.sh` currently supports released versions of `grype` to be installed. Integrations like `scan-action` may want to test against unreleased versions of `grype` that are currently not possible to install with...

enhancement

**What happened**: During our ci pipelines, we have noticed that when we run grype to scan a container image it sometimes fails when there is a high CPU usage on...

enhancement