grype

A vulnerability scanner for container images and filesystems

Results 378 grype issues

**What would you like to be added**: Support for AZL3. **Why is this needed**: CVE detection. **Additional context**: `/etc/os-release` `ID=azurelinux`

enhancement
new-matcher

**What happened**: When building the latest version of grype the distro tests fail **What you expected to happen**: Successful build of grype **How to reproduce it (as minimally and precisely...

bug

**What would you like to be added**: Ability to read syft.yaml config file when running grype. **Why is this needed**: When scanning a directory or docker image grype uses syft...

enhancement
needs-discussion

**What happened**: I was alerted to a CVE issue on a package (from Hex) that has a similar name to a vulnerable package available in the iOS ecosystem. They are...

bug
needs-investigation

## Summary This PR attempts to narrow the golang_constraint `Satisfied` logic as a follow up to #1797 #1797 allows grype to proceed with matches when it encounters a package with...

**What happened**: Scan on custom image and get this vulnerability reported: ip 2.0.0 2.0.1 npm GHSA-78xj-cgh5-2h22 Medium Issue: "GHSA-78xj-cgh5-2h22" ------> "CVE-2023-42282" : "locations": [ { "path": "/usr/lib64/node_modules/npm18/node_modules/ip/package.json", "layerID": "sha256:8cbcaaf005a84d63ae8755f21c3504fd224b9fcc1fa6ea021b30938e6065f3a9" }...

bug

:wave: **What happened**: I followed instructions to build grype from a clone of this repo, but I didn't succeed. Am I holding it wrong? :thinking: ```bash alan@asimo:~/Source/anchore$ git clone https://github.com/anchore/grype...

bug

:wave: **What happened**: There appears to be a missing dependency when running `make test`. ``` PASS ok github.com/anchore/grype/test/integration 372.701s go run cmd/grype/main.go alpine:latest ✔ Vulnerability DB [updated] ✔ Pulled image...

bug

Get vulnerability GHSA-jphg-qwrw-7w9g (CVE-2020-10663) on a custom image that has logstash integrated. And it is pointing to: "path": "/usr/share/logstash/vendor/bundle/jruby/2.5.0/specifications/json-1.8.6-java.gemspec", **What you expected to happen**: Among logstash 3pp there is Ruby....

bug
false-positive

**What happened**: Scanning a PHP docker image with Redis PHP extension shows a lot of vulnerabilities. ``` redis 6.0.2 php-pecl CVE-2022-24834 High redis 6.0.2 php-pecl CVE-2022-24735 High redis 6.0.2...

bug