grype
A vulnerability scanner for container images and filesystems
**What would you like to be added**: It would be great if the mitigations for the vulnerabilities were added to the DB **Why is this needed**: Could save the...
**What happened**: Grype does not detect CVE-2023-3635 against okio-jvm-3.0.0.jar **What you expected to happen**: CVE-2023-3635 to be detected **How to reproduce it (as minimally and precisely as possible)**: run grype...
**What happened**: When scanning a container which has SLES 15 SP4, this reference GHSA-v8gr-m533-ghj9 is shown NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY cryptography 3.3.2 39.0.1 python GHSA-x4qr-2fvf-3mr5 High cryptography...
**What happened**: Grype is incorrectly flagging a number of CVEs against a package version which contains the fixes. The package in question is **guava**, and the version is **v32.0.0**. The...
**What would you like to be added**: The thrown `No such image` error is like: the image does not exist at all. But it already exists: ``` crane manifest docker.io/kubeflownotebookswg/volumes-web-app:latest ```...
(a topic from the OSS community meeting today from @pandatix) Today grype outputs CVSS information in the JSON output, however, these are unprocessed vectors from upstream data providers. Ideally we...
The OpenSSF [recently announced](https://openssf.org/blog/2023/10/12/introducing-openssfs-malicious-packages-repository/) a new [malicious package repository](https://github.com/ossf/malicious-packages) that tracks npm, pypi, and rubygems package ecosystems and enumerates known malicious packages in the OSV format. This appears to have...
**What happened**: Issue with mime4j-storage-0.8.3, mime4j-core-0.8.3 and mime4j-dom-0.8.3: "package_path": "/opt/jboss/keycloak/lib/lib/main/org.apache.james.apache-mime4j-storage-0.8.3.jar", "package_path": "/opt/jboss/keycloak/lib/lib/main/org.apache.james.apache-mime4j-core-0.8.3.jar", "package_path": "/opt/jboss/keycloak/lib/lib/main/org.apache.james.apache-mime4j-dom-0.8.3.jar". Grype reports https://nvd.nist.gov/vuln/detail/CVE-2021-40525, which is for James version 3.6.1. It is not the...
**What happened**: False positive issue with "/opt/jboss/keycloak/modules/system/layers/base/io/smallrye/reactive/mutiny/main/mutiny-1.1.2.jar", which is reactive:mutiny 1.1.2. Grype reports a critical issue with CVE-2022-37832, which is related to mutiny:mutiny. According to this link [Published | JUMPSEC LABS](https://labs.jumpsec.com/)...
This is basically a copy of [syft#2165](https://github.com/anchore/syft/issues/2165), but for Grype. Based on the discussion in https://github.com/anchore/syft/issues/1062, we want to improve the CLI help text for the `--output` parameter, and deprecate...