grype
A vulnerability scanner for container images and filesystems
APACHE-2.0 License
Bot releases are visible (Hide)
Published by anchoreops almost 3 years ago
Changelog
v0.29.0 (2022-01-07)
Added Features
- update syft to version v0.35.0
Bug Fixes
- ability to go install "github.com/anchore/grype" [Issue #568]
Docker images
docker pull anchore/grype:v0.29.0
Published by anchoreops almost 3 years ago
Changelog
v0.28.0 (2021-12-22)
Added Features
- Path filtering for file system scanning [Issue #389]
- Grype verbose log version [Issue #555]
Bug Fixes
- Java packages sometimes missing version information [Issue #504]
- False positives cases for CVE-2021-44228 [Issue #552]
- Error when scanning a single file (e.g. zip, war, etc.) and using JSON output format [Issue #554]
- MacOS install fails using GNU coreutils version of cp [Issue #560]
Docker images
docker pull anchore/grype:v0.28.0
Published by anchoreops almost 3 years ago
Changelog
v0.27.3 (2021-12-16)
Bug Fixes
- Panic when a package has been added to a catalog multiple times [Issue #548]
Docker images
docker pull anchore/grype:v0.27.3
Published by anchoreops almost 3 years ago
Changelog
v0.27.2 (2021-12-14)
Bug Fixes
- Index out of range while scanning Java webapps [Issue #538]
Docker images
docker pull anchore/grype:v0.27.2
Published by anchoreops almost 3 years ago
Changelog
v0.27.1 (2021-12-14)
Bug Fixes
- panic: runtime error: invalid memory address or nil pointer dereference (deb package parsing) [Issue #523]
- panic: runtime error: invalid memory address or nil pointer dereference (go binary parsing) [Issue #526]
Docker images
docker pull anchore/grype:v0.27.1
Published by anchoreops almost 3 years ago
Changelog
v0.26.1 (2021-12-03)
Added Features
- Add db list command [PR #506] [wagoodman]
- Custom CA support for db.update-url [Issue #493]
Docker images
docker pull anchore/grype:v0.26.1
Published by anchoreops almost 3 years ago
Changelog
- Update grype to use the latest grype-db so correct namespace for rocky linux distributions is used in vulnerability matching [PR #501]
Docker images
docker pull anchore/grype:0.25.1
Published by anchoreops almost 3 years ago
Changelog
Added Features
- Use existing registry authentication such as Docker config [Issue #478]
- Add Rocky Linux Support[PR #500]
Docker images
docker pull anchore/grype:0.25.0
Published by anchoreops almost 3 years ago
Changelog
v0.24.1 (2021-11-05)
Bug Fixes
- Unable to invoke grype as an external process since 0.8.0 [Issue #267]
- Homebrew - Tapping fails: Formulae require at least a URL on Apple M1 [Issue #401]
Docker images
docker pull anchore/grype:0.24.1
Published by anchoreops almost 3 years ago
Changelog
v0.24.0 (2021-10-25)
Added Features
- Filter vulnerabilities without fixes [Issue #175]
- Add a release for
linux/arm64[Issue #362] - Add windows support [Issue #447]
Bug Fixes
- Cannot handle Syft SBOM for directory scans [Issue #298]
- False positive for package version appended with a release number (e.g. 1.5.1-r1) [Issue #427]
- Image parsing hang if finds a directory with name ending in space [Issue #460]
- Scan against container generating error and usage prompt on finding vulnerability [Issue #461]
Docker images
docker pull anchore/grype:v0.24.0-amd64docker pull anchore/grype:v0-amd64docker pull anchore/grype:v0.24-amd64docker pull anchore/grype:v0.24.0-arm64v8docker pull anchore/grype:v0-arm64v8docker pull anchore/grype:v0.24-arm64v8
Published by anchoreops about 3 years ago
Changelog
v0.23.0 (2021-10-06)
Implemented enhancements:
- add an option to output the report into a file rather than redirecting the output #207
Fixed bugs:
- Cannot handle Syft SBOM for directory scans #298
* This Changelog was automatically generated by github_changelog_generator
Docker images
docker pull anchore/grype:v0.23.0docker pull anchore/grype:v0docker pull anchore/grype:v0.23
Published by anchoreops about 3 years ago
Changelog
v0.22.0 (2021-09-30)
Implemented enhancements:
- Ability to ignore vulnerability matches (to help manage false positives) #198
Fixed bugs:
- False positives for perl-* packages in centos:8 images #437
* This Changelog was automatically generated by github_changelog_generator
Docker images
docker pull anchore/grype:latestdocker pull anchore/grype:v0.22.0docker pull anchore/grype:v0docker pull anchore/grype:v0.22
Published by anchoreops about 3 years ago
Changelog
v0.21.0 (2021-09-28)
Implemented enhancements:
- Add data-driven language matching #434 (wagoodman)
- Add default matcher (language + CPE matching) #432 (wagoodman)
Fixed bugs:
- Grype raise error: "failed to catalog: failed to parse CPE" #417
* This Changelog was automatically generated by github_changelog_generator
Docker images
docker pull anchore/grype:latestdocker pull anchore/grype:v0.21.0docker pull anchore/grype:v0docker pull anchore/grype:v0.21
Published by anchoreops about 3 years ago
Changelog
v0.20.0 (2021-09-23)
Implemented enhancements:
Fixed bugs:
- False positive on Centos/Rhel openjdk package #419
- Java group ID not found resulting in missed results #378
- False positive on sentry and other libs #280
- update log file permissions to 0644 #422 (spiffcs)
- Update KB constraint to not satisfy if raw constraint is empty. #421 (Vijay-P)
* This Changelog was automatically generated by github_changelog_generator
Docker images
docker pull anchore/grype:latestdocker pull anchore/grype:v0.20.0docker pull anchore/grype:v0docker pull anchore/grype:v0.20
Published by anchoreops about 3 years ago
Changelog
v0.19.0 (2021-09-14)
Implemented enhancements:
- Update grype-db dependency, add some SLES tests #413 (dspalmer99)
Fixed bugs:
- False positive core.jar (CVE-2020-15235, CVE-2020-15505, CVE-2020-15506, CVE-2020-15507) #342
- False positives for javax.mail #341
- False positives in Python package "redis" confused with Redis server #307
- False positive - Python Libraries mistaken for other Software #212
* This Changelog was automatically generated by github_changelog_generator
Docker images
docker pull anchore/grype:latestdocker pull anchore/grype:v0.19.0docker pull anchore/grype:v0docker pull anchore/grype:v0.19
Published by anchoreops about 3 years ago
Changelog
v0.18.0 (2021-09-13)
Implemented enhancements:
Fixed bugs:
- Alpine matching should include source indirection matching #343
- Ensure that virtual path is reported for java archives. #393 (dakaneye)
* This Changelog was automatically generated by github_changelog_generator
Docker images
docker pull anchore/grype:latestdocker pull anchore/grype:v0.18.0docker pull anchore/grype:v0docker pull anchore/grype:v0.18
Published by anchoreops about 3 years ago
Changelog
v0.17.0 (2021-08-25)
Implemented enhancements:
- (via Syft) Added parser for Pipfile.lock to cataloger anchore/syft#242
Fixed bugs:
- Reporting vulnerabilities for NPM dependencies from lock files that should be excluded #385
- False positive perl-Pod-Escapes vulns, RHEL7 #376
- RPM matcher not always properly detecting package name from source RPM #374
* This Changelog was automatically generated by github_changelog_generator
Docker images
docker pull anchore/grype:latestdocker pull anchore/grype:v0.17.0docker pull anchore/grype:v0docker pull anchore/grype:v0.17
Published by anchoreops about 3 years ago
Changelog
v0.16.0 (2021-08-18)
Implemented enhancements:
- Grype is not consistent when scaning dir on disk #338
- Add option for accessing registries without HTTPS #334
- Incorporate CPE generation enhancements #375 (wagoodman)
* This Changelog was automatically generated by github_changelog_generator
Docker images
docker pull anchore/grype:latestdocker pull anchore/grype:v0.16.0docker pull anchore/grype:v0docker pull anchore/grype:v0.16