grype
A vulnerability scanner for container images and filesystems
**What would you like to be added**: Grype has a `--by-cve` option, which provides an output that seems more intuitive to many stakeholders, since it orients the matches around the...
Fail when grype can't check for db update Closes #310 **Before change when running**: ```bash docker run -v $PWD:/grype -w /grype -d --name grype-test --rm -it golang:1.19 tail -f /dev/null...
**What happened**: I was using the template output mode from grype and read on the main documentation page that ... `quote` Grype's template processing uses the same data models as...
**What happened**: After scanning a .NET solution that contains the [Akka package](https://www.nuget.org/packages/Akka/), a wrong vulnerability is reported. Here is the report: ``` NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY Akka 1.4.45...
We should add a `User-Agent` header with Grype version to the version update check.
**What would you like to be added**: When scanning an SBOM, Grype's machine-readable output formats should cite the SBOM's ID for any package with a vulnerability match. **Why is this...
**What happened**: Grype detected a vulnerability from Amazon, ALAS-2023-2203, which has a known CVE ID. However it is missing from the report's relatedVulnerabilities: ``` { "vulnerability": { "id": "ALAS-2023-2203",...
**What happened**: Grype doesn't appear to be processing CPE configurations correctly in the case where logical operators are used in NVD's CPE data. Specifically, when a CPE configuration has "AND"-ed...
**What happened**: CVE-2023-35116 was excluded from [Sonatype](https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/[email protected]) and [dependencyCheck](https://github.com/jeremylong/DependencyCheck/issues/5779) as a false positive [Details](https://github.com/jeremylong/DependencyCheck/issues/5779#issuecomment-1597512726): **What you expected to happen**: Exclude the jackson-databind CVE as Sonatype/dependencyCheck already did, or at least lower...
Accidentally discovered that running grype against a directory with two components in it that have the same vulnerability results in Grype displaying only the one vulnerability in the table despite it...