grype
A vulnerability scanner for container images and filesystems
APACHE-2.0 License
Bot releases are visible (Hide)
Published by anchoreops over 3 years ago
Changelog
v0.15.0 (2021-07-14)
Implemented enhancements:
- Add NVD CVSS scores to grype json output for matches on the vendor record #314
- Vendor metadata for vulnerability fixes is missing #276
Fixed bugs:
- cyclonedx reports a score of 0 if CVE has no CVSS #366
- cyclonedx doesn't report severity if feed has no CVSS #364
- Pipelines allow unclean go.sum files that block our release pipeline #358
- Panic during directory scan #353
- CycloneDX Document struct returns empty Components list when parsing CycloneDX XML output #345
- Add vendor-provided CVSS scores to vulnerability match records where available #287
- There should always be links associated with a vulnerability #189
- Show no value in table output for unknown fixes #350 (luhring)
- Fix RPM epoch comparison logic #331 (wagoodman)
* This Changelog was automatically generated by github_changelog_generator
Docker images
docker pull anchore/grype:latestdocker pull anchore/grype:v0.15.0docker pull anchore/grype:v0docker pull anchore/grype:v0.15
Published by anchoreops over 3 years ago
Changelog
v0.13.0 (2021-06-02)
Implemented enhancements:
- Add NVD CVSS scores to grype json output for matches on the vendor record #314
- Add Vendor metadata for vulnerability fixes #276
Fixed bugs:
- Replace links to Slack channels with public signup link #325 (luhring)
- There should always be links associated with a vulnerability #189
- Add vendor-provided CVSS scores to vulnerability match records where available #287
* This Changelog was automatically generated by github_changelog_generator
Docker images
docker pull anchore/grype:latestdocker pull anchore/grype:v0.13.0docker pull anchore/grype:v0docker pull anchore/grype:v0.13
Published by anchoreops over 3 years ago
Changelog
v0.12.1 (2021-05-25)
Implemented enhancements:
- Allow registry auth config without authority value #322 (luhring)
- Add java virtual path to package metadata #320 (wagoodman)
- Show limited package metadata in json presenter #319 (wagoodman)
- json output should be sorted #245
- Expose the explicit record source for each match #283
- Add database information to the JSON output #270
- Add DB information to json descriptor block #302 (wagoodman)
- Add grype db namespace indication in match details #299 (wagoodman)
Fixed bugs:
- Alpine matching should use NVD as primary source #281
- Vulnerability check should be more "greedy" #252
- Allow registry auth config without authority value #322 (luhring)
* This Changelog was automatically generated by github_changelog_generator
Docker images
docker pull anchore/grype:latestdocker pull anchore/grype:v0.12.1docker pull anchore/grype:v0docker pull anchore/grype:v0.12
Published by anchoreops over 3 years ago
Changelog
v0.11.0 (2021-04-22)
Implemented enhancements:
- Update Syft to v0.15.1 #306 (wagoodman)
- Refactor constraint expression parser to allow for quoted versions #234 (wagoodman)
Fixed bugs:
- CycloneDX format is broken in 0.7.0 #288
- Safely join paths derived from tar headers #294 (wagoodman)
* This Changelog was automatically generated by github_changelog_generator
Docker images
docker pull anchore/grype:latestdocker pull anchore/grype:v0.11.0docker pull anchore/grype:v0docker pull anchore/grype:v0.11
Published by anchoreops over 3 years ago
Changelog
v0.10.2 (2021-04-14)
Implemented enhancements:
- Report the repo digests in the JSON output source section #269
- Ability to pull image directly from a registry (without the Docker daemon) #264
- Allow user-defined output formats #251
- Pull in syft v0.14.0 and further decouple presenters from Syft #263 (wagoodman)
- Upgrade grype-db to schema v2 #255
Fixed bugs:
- Status text column not consistently aligned #289
- Cannot handle downgrading grype versions with different DB schemas #271
- CPEs in JSON output should be a formatted string #268
- Private registry and password not working with special chars #254
- Align status text column with that of Syft handlers #292 (luhring)
- Stage DB file within directory named by schema version #272 (wagoodman)
* This Changelog was automatically generated by github_changelog_generator
Docker images
docker pull anchore/grype:latestdocker pull anchore/grype:v0.10.2docker pull anchore/grype:v0docker pull anchore/grype:v0.10
Published by anchoreops over 3 years ago
Changelog
v0.9.0 (2021-03-25)
Implemented enhancements:
- Grype Docker Image #227
Fixed bugs:
* This Changelog was automatically generated by github_changelog_generator
Docker images
docker pull anchore/grype:latestdocker pull anchore/grype:v0.9.0docker pull anchore/grype:v0docker pull anchore/grype:v0.9
Published by anchoreops over 3 years ago
Changelog
v0.8.0 (2021-03-15)
Implemented enhancements:
Fixed bugs:
* This Changelog was automatically generated by github_changelog_generator
Published by anchoreops over 3 years ago
Changelog
v0.7.0 (2021-01-27)
Implemented enhancements:
* This Changelog was automatically generated by github_changelog_generator
Published by anchoreops almost 4 years ago
Changelog
v0.6.1 (2020-12-08)
Fixed bugs:
- UBI-based images do not generate any vulnerabilities #221
* This Changelog was automatically generated by github_changelog_generator
Published by anchoreops almost 4 years ago
Changelog
v0.6.0 (2020-12-03)
Implemented enhancements:
Fixed bugs:
- False negatives in finding CVEs in jar files #209
* This Changelog was automatically generated by github_changelog_generator
Published by anchoreops almost 4 years ago
Changelog
v0.5.0 (2020-11-20)
Implemented enhancements:
- Option to use an SBOM input document instead of invoking syft's cataloging functionality #196
- Remove CPE generation (rely on static CPEa from syft instead) #213 (wagoodman)
Fixed bugs:
- can't brew install 0.3.0 on mac #203
- "failed to catalog" error when scanning Python apps #200
- Remove powershell description from completion command #211 (KeisukeYamashita)
* This Changelog was automatically generated by github_changelog_generator
Published by anchoreops almost 4 years ago
Changelog
v0.4.0 (2020-11-12)
Implemented enhancements:
- Bump syft from v0.5.1 to v0.7.1 #206 (wagoodman)
- Add signed and notarized ZIP release asset #205 (luhring)
Fixed bugs:
- Updates for macOS release process #201 (luhring)
- Remove darwin target from primary build entry #199 (luhring)
* This Changelog was automatically generated by github_changelog_generator
Published by anchoreops almost 4 years ago
Published by anchoreops almost 4 years ago
Changelog
v0.2.0 (2020-10-23)
Implemented enhancements:
- Incorporate package.json & gemspec catalogers #187 (wagoodman)
- Update install script arguments for proper argument processing #181 (wagoodman)
- Run checks on PRs from forks #180 (wagoodman)
- Edit typo in readme #179 (gsiener)
- Incorporate gemspec cataloger #177 (wagoodman)
- Migrate to GHA pipeline #176 (wagoodman)
Closed issues:
- Enable auto pre-release goreleaser flag in release pipeline #119
* This Changelog was automatically generated by github_changelog_generator
Published by anchoreops about 4 years ago
First Release! 🎉
Published by anchoreops about 4 years ago
Changelog
v0.1.0-beta.11 (2020-09-26)
Implemented enhancements:
- Integrate the changelog generator into the release pipeline #165
Fixed bugs:
* This Changelog was automatically generated by github_changelog_generator
Published by anchoreops about 4 years ago
Changelog
f13b9a7 Use latest versions of anchore repos (#164)
326afa3 Add OCI support + use URI schemes (#160)
9f6301b Change root of JSON presenter to a mapping (instead of a sequence) (#163)
b2715ff Update high level docs (#162)
ed9f9bc remove duplicate rows from the summary table (#161)
Published by anchoreops about 4 years ago
Changelog
ec493d5 Merge pull request #159 from anchore/update-testutils
578afab update go.mod and go.sum
c73a337 fix replacement of results with matches (#158)
f0f8f4b add --fail-on threshold support (#156)
0397206 Merge pull request #154 from anchore/issue-148
ca19b08 presenter: cyclonedx shouldn't eat up errors
7b71401 cyclonedx tests: update BD name to use grype instead of syft
2d44839 presenter: cyclonedx document updates to pass schema validation
4f78b57 presenter: cyclonedx vulnerability schema fixes
2b8dfc2 temporary bump of go deps for testing
0fb5080 presenter: add new golden files for cyclonedx tests
46f3948 presenter: remove unneeded golden files
3de06ce presenter: join dir+img presesnter tests for cyclonedx
298a801 tests: update CycloneDX presenters with new namespaces
80d494b presenter: add xmlns for bd and v namespaces in cyclonedx output
3a57218 ci: hook the cyclonedx validation into CircleCI
57d777c tests: add cyclonedx schema check
Published by anchoreops about 4 years ago
Changelog
2c1ddbe Merge pull request #152 from anchore/fix-json-keys
cb437b6 Change kebab case to camelCase, use updated syft version
ca8ac61 Rename Result object to Matches (#153)
ad7d9d5 Merge pull request #151 from anchore/fix-version-json-output-casing
9fa5064 Fix json keys to be camel case instead of kebab
293368e Shell completion via Cobra utility (#149)
0f97081 add positional argument validation (#150)
Published by anchoreops about 4 years ago
Changelog
1338850 Add fixed-in-version to the presenters (#147)
bd50ffc Change search key json output to a map (#146)
c0efed5 Merge pull request #143 from anchore/issue-39
c768955 presenter: cyclonedx tests
8fc7efd result: add a helper to get packages by ID
444b191 presenter: set the options to hook CycloneDX output
48c3c2a presenter: add a cyclonedx presenter
8e8ad48 dependencies: update to latest syft and include uuid
b77e023 Merge pull request #137 from anchore/issue-94
d2949a2 matcher: add duplicate to demonstrate they don't show up
89f8ac4 test: update integration to match new SearchMatches
46f614d tests: json presenter output updated
5428cc2 presenter: json to use a string for the search key, not a map
2d7af0b matchers: use strings for SearchKeys
87c267f matchers: cpe should prevent duplicates by not adding already present CPEs
b8a4183 vuln matches should include search matches
651751f simplify version cmd + add json option (#139)
be6a7ea Update README.md to highlight supported distros and languages (#135)
8757b47 Merge pull request #136 from anchore/issue-py-setup
b0c6dc2 test: update scope.FilesByGlob, it is now part of Resolver
b8e9431 dependencies: bump to latest syft that includes setup.py support
618672a matcher: use pkg.PythonSetupPkg as well
3836626 add demo gif (#134)
d3987d7 Update modules (#127)
66b2512 Merge pull request #124 from anchore/issue-91
b237bf9 test: fuzzyConstraint needs a hint now, update tests
75b3537 version: use hint if provided
84684f2 test: add examples of crazy PEP440 rules
0399e08 version: use the new PythonFormat
41147df test: update integration validation for python packages with Python format
0618d1d github is picky about the issue template file extension
d0b03fa add slack links to issue selection (#123)
a34bf6e Merge pull request #122 from nwl/readme-fixes
f2ce94b Replaced stray syft entries with grype
93e39a7 Merge pull request #120 from anchore/readme-install-fix
2caa0d2 docs: emphasize installation methods before features and getting started
89a6201 Disable prerelease version update check (#118)
12b2296 Add future ideas + beta warning to README (#114)
8052fa6 Update installation method (#117)