grype
A vulnerability scanner for container images and filesystems
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.10.0 to 0.11.0. Release notes Sourced from github.com/charmbracelet/lipgloss's releases. v0.11.0 Immutable Styles and Raw Speed, Baby So! The big news in this release is: Style methods will...
Bumps [github.com/hashicorp/go-version](https://github.com/hashicorp/go-version) from 1.6.0 to 1.7.0. Release notes Sourced from github.com/hashicorp/go-version's releases. v1.7.0 ENHANCEMENTS: Remove reflect dependency (#91) Implement the database/sql.Scanner and database/sql/driver.Value interfaces for Version (#133) INTERNAL: [COMPLIANCE] Add...
**What happened**: Running Grype on an Azure DevOps Pipeline task occasionally fails with the following error: ``` [info] checking github for the current release tag [info] fetching release script for...
**What happened**: Vuln db cannot be imported **What you expected to happen**: Vuln db is imported **How to reproduce it (as minimally and precisely as possible)**: 1) fetch https://toolbox-data.anchore.io/grype/databases/listing.json 2)...
**What happened**: Our pipeline recently broke due to critical finding of GHSA-8rmg-jf7p-4p22 ``` [root@d992b56c077e /]# grype --version grype 0.77.4 [root@d992b56c077e /]# grype bom.json ✔ Vulnerability DB [no update available] ✔...
**What happened**: In Syft, it's possible to specify `--source-name` and `--source-version` to add user-provided name and version of the artifact/directory being scanned to the SBOM. However, Grype doesn't accept these...
Similar to https://github.com/anchore/syft/pull/2542 the template output appears to be using the go structs, which requires users to know about the specific struct names, which may differ (and do) from the...
As described in [anchore#572](https://github.com/anchore/grype/issues/572) setting just the GRYPE_DB_CACHE_DIR environment variable doesn't successfully make grype use the custom cache location. TMPDIR needs to be set as well.
**What happened**: I noticed that the 'package' field in matchDetails.searchedBy object sometimes starts with a capital and sometimes not. **What you expected to happen**: Consistent naming. **How to reproduce it...
**What happened**: Scan on image that has python3-Pygments-2.6.1-4.3.1.noarch installed. It generates high vulnerability: { "vulnerability": { "id": "GHSA-9w8r-397f-prfh", "dataSource": "https://github.com/advisories/GHSA-9w8r-397f-prfh", "namespace": "github:language:python", "severity": "High", "urls": [ "https://github.com/advisories/GHSA-9w8r-397f-prfh" ], : :...