v0.65.2

v0.65.2 (2023-08-17)

Full Changelog

Additional Changes

• Update Syft to v0.87.1
• Add a simple JUnit XML template [PR #1422] [YevheniiPokhvalii]
• Update semver regular expression constraint to allow for 1.20rc1 cases no '-' [PR #1434] [spiffcs]

v0.65.1

v0.65.1 (2023-08-04)

Full Changelog

Bug Fixes

• Grype cannot read SPDX documents generated by SPDX-maven-plugin [Issue #1306]

v0.65.0

Changelog

v0.65.0 (2023-07-31)

Full Changelog

Added Features

• feat: implement secondary sorting for default json output [PR #1403] [spiffcs]
• Consistent sort order for grype output [Issue #709] [PR #1400] [spiffcs]

Bug Fixes

• Grype reading SPDX file with json output gets UnknownScheme error [Issue #948]
• grype 0.64.0 doesn't list vulnerabilties if --fail-on fails [Issue #1392] [PR #1395] [willmurphyscode]

Additional Changes

• chore: bump quality gate label dataset [PR #1404] [westonsteimel]

v0.64.2

Changelog

v0.64.2 (2023-07-20)

Full Changelog

Bug Fixes

• grype 0.64.0 doesn't list vulnerabilties if --fail-on fails [Issue #1392] [PR #1395] [willmurphyscode]

v0.64.1

Changelog

v0.64.1 (2023-07-17)

Full Changelog

Bug Fixes

• stop truncating template files Issue #1388 PR #1391 willmurphyscode

Additional Changes

• Port UI to bubbletea [PR #1385] [wagoodman]

v0.64.0

Changelog

v0.64.0 (2023-07-13)

Full Changelog

Added Features

• You can now list multiple output formats and files to write to disk with one command, like Syft: "-o format1=file1 -o format1=file2" [Issue #648] [PR #1346] [olivierboudet]

Bug Fixes

• Correctly detect format of CycloneDX XML SBOM with no components [Issue #1005]
• Fix vulnerability summary counts to be less confusing. [Issue #1360]

Additional Changes

• Port to new Syft source API [PR #1376] [wagoodman]
• Include Syft 0.85.0

v0.63.1

Changelog

v0.63.1 (2023-06-30)

Full Changelog

Bug Fixes

• Add more log4j-adjacent package ignore rules [PR #1358] [luhring]
• The summary by severity is confusing [Issue #1312] [PR #1359] [kzantow]

v0.63.0

Changelog

v0.63.0 (2023-06-21)

Full Changelog

Added Features

• Always include the specific package name and version used in the vulnerability search in the matchDetails section of the output [PR #1339] [westonsteimel]
• Expose Go template file that produces the table report [Issue #629] [PR #1343] [jneate]
• Add a folder for community Go templates (see templates/README.md for more details) [Issue #1316]

Breaking Changes

• update Syft to v0.84.0: stereoscope platform fix and artifact ID padding [PR #1354] [anchore-actions-token-generator]

v0.62.3

Changelog

v0.62.3 (2023-06-05)

Full Changelog

Bug Fixes

• Suppressed vulnerabilties are now correctly hidden, unless the --show-suppressed option is provided.
  [Issue #1053] [Issue #1278] [PR #1322] [jamestran201]

v0.62.2

Changelog

v0.62.2 (2023-05-26)

Full Changelog