Releases: anchore/grype
v0.62.1
v0.62.0
Changelog
v0.62.0 (2023-05-22)
Added Features
- Add package qualifier for platform CPE [PR #1291] [westonsteimel]
- Include timestamp and image name in reports [Issue #1170] [PR #1249] [jneate]
- Document command line flag for config file location [Issue #1271] [PR #1274] [jneate]
- Add support for Mariner distribution [Issue #1220]
- Add support for Syft IDs in JSON output [PR #1266] [luhring]
Bug Fixes
- False positive with pkg:rpm PURLs [Issue #1031] [PR #1237] [Shanedell]
- Specifying "extras" in pip / requirements.txt results in false negative [Issue #1246]
- CycloneDX dependencies relationships inverted [Issue #1294]
Additional Changes
- docs: add "cyclonedx-json" to output formats [PR #1252] [HNKNTA]
- chore: update quality gate labels and add keycloak [PR #1255] [westonsteimel]
- Install skopeo during bootstrap [PR #1260] [willmurphyscode]
- Replace deprecated io/ioutil calls [PR #1296] [testwill]
- Fix reading syft json from stdin by redirect [PR #1299] [devfbe]
- Add gitignore for default build target [PR #1305] [testwill]
v0.61.1
Changelog
v0.61.1 (2023-04-21)
Bug Fixes
- ❔ Parsing dpkg status: extracting key-value from line: usr/lib/os-release err: cannot parse field [Issue #1195]
- Grype suggesting to upgrade to a version already used. [Issue #1209]
Additional Changes
v0.61.0
Changelog
v0.61.0 (2023-04-04)
Added Features
- feat: Add config option to prefer registry over local Docker when scanning an image [Issue #1204] [PR #1215] [spiffcs]
Additional Changes
v0.60.0
Changelog
v0.60.0 (2023-03-28)
Added Features
- feat: disable CPE-based matching by default for javascript [PR #1180] [westonsteimel]
Additional Changes
- Improve --by-cve report performance [Issue #1185] [PR #1188] [westonsteimel]
v0.59.1
Changelog
v0.59.1 (2023-03-09)
Bug Fixes
- fix: correct APK CPE version comparison logic [PR #1165] [westonsteimel]
v0.59.0
Changelog
v0.59.0 (2023-03-03)
Added Features
- Add the total types of vulnerabilities in Grype output [Issue #877] [PR #946] [zhiburt]
Additional Changes
- chore: bump quality gate labels and syft version [PR #1156] [westonsteimel]
v0.58.0
Changelog
v0.58.0 (2023-03-02)
Security Fixes
- chore(deps): bump github.com/hashicorp/go-getter from 1.6.2 to 1.7.0 [PR #1134] [dependabot]
Added Features
- add grype image to ArtifactHub [Issue #613] [PR #639] [developer-guy]
Bug Fixes
- Grype with version v.0.55 take 3 hour to scan the image [Issue #1063]
- Unable to install Grype [Issue #1102]
Additional Changes
v0.57.1
v0.57.0
Changelog
Updates
- Update to latest syft for faster indexing and SBOM generation when consuming source and not using the SBOM as an input
Bug Fixes
- regression: Grype 0.54.0 does not find vulnerabilities in Nodejs runtime itself anymore [Issue #1043]
Additional Changes
- bump yardstick to 2d30ea7429d0a59020e0176bba1b3b6b8b01b08a [PR #1095] [wagoodman]
- chore: prune cosign dependency for grype builds [PR #1100] [spiffcs]
- chore: bump yardstick for better quality gate filtering [PR #1101] [westonsteimel]
- chore: add new images to quality gate [PR #1106] [westonsteimel]
- fix: exclude OS packages from CPE target filtering [PR #1130] [westonsteimel]
- fix: ignore some false-positives for ruby gems [PR #1132] [westonsteimel]