grype
A vulnerability scanner for container images and filesystems
**What happened**: While scanning our software that packs Apache Karaf 4.3.7 (contains [org.apache.sling.commons.johnzon] 1.2.14), CVE-2016-0956 is reported **What you expected to happen**: As per NVD https://nvd.nist.gov/vuln/detail/CVE-2016-0956#match-3424223 , the impacted artifacts...
**What happened** While Grype works well on sle-based images: ``` ➜ ~ grype registry.suse.com/suse/sle15:15.1.6.2.508 [...] ✔ Cataloged packages [124 packages] ✔ Scanned image [23 vulnerabilities] NAME INSTALLED FIXED-IN TYPE VULNERABILITY...
**What would you like to be added**: Converter from Grype to MITRE's [Heimdall Data Format](https://saf.mitre.org/#/normalize) (HDF). [MITRE Security Automation Framework](https://saf.mitre.org/#/) (SAF) has a well-defined [process for building converters](https://github.com/mitre/saf/wiki/How-to-recommend-development-of-a-mapper). Likely, the...
**What would you like to be added**: I'd like to have a method of observing any vulnerabilities that have occurred for a package's past versions **Why is this needed**: I'd...
**What would you like to be added**: A new command ```grype update``` **Why is this needed**: It would make the update process a lot easier. Grype already knows if you...
Hi, we are seeing the WARN messages below continuously reported when running grype: ``` [0010] WARN unable to extract GHSA java package information from purl="pkg:maven/": name is required WARN matcher failed...
**What happened**: We built a test image with a locally built nginx package: `distroless.dev/nginx:latest` The locally built nginx package is matched against Alpine vulnerability data, despite not being from the...
**What would you like to be added**: when running grype sometimes we see GHSA in the results but not the CVE like: struts2-core 2.5.5 2.5.12 GHSA-9gp7-jvm2-r4mx Medium it would be...
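A post-processing script for the request above, added here as an example and not code from the grype project: it reads `grype -o json` output and, for each GHSA match, fills in the CVE ids that grype already carries under `relatedVulnerabilities`, so the table shows both identifiers. The script assumes the JSON field names `matches[].vulnerability.id`, `matches[].vulnerability.fix.versions`, `matches[].relatedVulnerabilities[].id` and `matches[].artifact`; the embedded report is a constructed sample with the struts2-core line from the issue, a placeholder alias `CVE-2000-0000` (not a real CVE) and a placeholder `GHSA-xxxx-xxxx-xxxx` with no alias at all.

```python
import json
import sys

# Constructed sample in the shape of `grype -o json` output, trimmed to the
# fields this script reads. "CVE-2000-0000" and "GHSA-xxxx-xxxx-xxxx" are
# placeholders, not real advisory ids.
SAMPLE_REPORT = json.loads("""
{
  "matches": [
    {
      "vulnerability": {
        "id": "GHSA-9gp7-jvm2-r4mx",
        "severity": "Medium",
        "fix": {"versions": ["2.5.12"], "state": "fixed"}
      },
      "relatedVulnerabilities": [
        {"id": "CVE-2000-0000", "namespace": "nvd:cpe"}
      ],
      "artifact": {"name": "struts2-core", "version": "2.5.5", "type": "java-archive"}
    },
    {
      "vulnerability": {
        "id": "GHSA-xxxx-xxxx-xxxx",
        "severity": "Low",
        "fix": {"versions": [], "state": "not-fixed"}
      },
      "relatedVulnerabilities": [],
      "artifact": {"name": "example-lib", "version": "1.0.0", "type": "npm"}
    }
  ]
}
""")


def cve_ids_for(match: dict) -> list[str]:
    """CVE ids for one match: the match's own id when it is already a CVE,
    otherwise every CVE entry grype lists under relatedVulnerabilities.
    Returns an empty list when grype has no CVE alias for the GHSA."""
    vid = match["vulnerability"]["id"]
    if vid.startswith("CVE-"):
        return [vid]
    return [
        rv["id"]
        for rv in match.get("relatedVulnerabilities", [])
        if rv.get("id", "").startswith("CVE-")
    ]


def summarize(report: dict) -> list[dict]:
    """One row per match, with the CVE alias column filled where possible."""
    rows = []
    for m in report.get("matches", []):
        vuln, art = m["vulnerability"], m["artifact"]
        rows.append({
            "package": art["name"],
            "installed": art["version"],
            "fixed_in": ", ".join(vuln.get("fix", {}).get("versions", [])),
            "id": vuln["id"],
            "cves": cve_ids_for(m),
            "severity": vuln.get("severity", "Unknown"),
        })
    return rows


def render(rows: list[dict]) -> str:
    """Plain-text table in the spirit of grype's default output, plus a CVE column."""
    lines = ["NAME  INSTALLED  FIXED-IN  VULNERABILITY  CVE  SEVERITY"]
    for r in rows:
        lines.append("  ".join([
            r["package"], r["installed"], r["fixed_in"] or "-",
            r["id"], ",".join(r["cves"]) or "(no CVE listed)", r["severity"],
        ]))
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: grype <image> -o json > report.json && python this.py report.json
    # Without an argument the constructed sample above is rendered.
    report = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_REPORT
    print(render(summarize(report)))
```

A GHSA that has no CVE under `relatedVulnerabilities` is shown as "(no CVE listed)" rather than dropped, since the absence of an alias in grype's data is itself the thing worth noticing when reconciling against NVD.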
More false positives turned up in the web UI part of my [lxkns](https://github.com/thediveo/lxkns) project. ```yaml ignore: # Barking up the wrong tree... - vulnerability: CVE-2009-4590 # php, not npm package...
Hello, I have found this vulnerability in my python dependencies with a `fs` scan (see below issue description). The found issue is for the redis package, but the scanned artifact...