grype

A vulnerability scanner for container images and filesystems

Results 378 grype issues

**What happened**: Scan on image that has python3-cryptography-3.3.2-150400.23.1.x86_64 installed. It generates high vulnerability: NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY cryptography 3.3.2 39.0.1 python GHSA-x4qr-2fvf-3mr5 High -> CVE-2023-0286 cryptography 3.3.2 42.0.0...

bug
false-positive

**What would you like to be added**: Set the return code to a different number other than `0` or `1` when a scan fails. There may be 1 or more...

enhancement

**What happened**: Scan on image that has python3-werkzeug-3.3.2-150400.23.1.x86_64 installed. It generates high vulnerability: NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY Werkzeug 1.0.1 2.2.3 python GHSA-xg9f-g7g7-2323 High Werkzeug 1.0.1 3.0.3 python GHSA-2g68-c3qc-8985...

bug
blocked

**What happened**: Scan on image that has python3-urllib3-1.25.10-150300.4.9.1.noarch installed. It generates vulnerability: NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY urllib3 1.25.10 1.26.5 python GHSA-q2q7-5pp4-w6pg High urllib3 1.25.10 1.26.17 python GHSA-v845-jxx5-vc9f Medium...

bug
blocked

**What happened**: I am running grype inside a container and try to run `grype db diff`. I allocated 4 GB of memory and it fails on "signal killed". If allocate more...

bug

**What happened**: Trying to scan images like alpine \ ubuntu. It starts to download grype-db and then hangs. This issue started today. **What you expected to happen**: download the db...

bug

For CPE-based matches, display the detail about the CPE used to match. This includes the "source" indicating if the cpe was syft-generated, or a lookup from the cpe-dictionary.

**What would you like to be added**: This is probably a weird question, but when running `grype dir:`, I understand grype is essentially running syft under the hood to produce...

enhancement

**What happened**: Scan on image that has python3-certifi-2018.1.18-150000.3.3.1.noarch installed. It generates vulnerability: $ grype --distro sles:15.5 suse15.5_python3-certifi:v1 NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY certifi 2018.1.18 2023.7.22 python GHSA-xqr8-7jwr-rhp7 High (CVE-2023-37920)...

bug
false-positive

In the case where both a direct match and indirect match are made for the same package and vulnerability ID, today we have two matches: ``` cat sbom-maven.json | grype...

enhancement