Releases: anchore/grype
Releases · anchore/grype
v0.80.1
Bug Fixes
- CVE-2024-3154 found with latest version [#1834 #2091 @spiffcs]
Additional Changes
- Update Syft to 1.12.2 [#2108]
v0.80.0
Added Features
- Add info subcommand in order to query grype db vulnerabilities [#1629 #2031 @tomersein]
Bug Fixes
- correctly close the db file in v4/v5 stores [#2066 @AndreiStefanie]
- Grype panics with a nil pointer dereference error when given an empty string argument [#2063 #2064 @lucasrod16]
- Ignoring search results when CPE is not set in the SBOM [#2039 #2040 @aeg]
- "No vulnerability database update available" when actually the check for an update was unsuccessful [#310 #1247 @shanedell]
- CycloneDX output
metadata.properties
set tonull
instead of empty array or omitted [#1759]
Additional Changes
v0.79.6
Bug Fixes
- Failed to parse constraint of CVE-2024-6345 which fails the scan [#2048 #2049 @wagoodman]
v0.79.5
v0.79.4
Bug Fixes
- Disable ui before run function on db status [#2008 @wagoodman]
Additional Changes
- update Syft to v1.10.0 [#2019 @anchore-actions-token-generator]
v0.79.3
Bug Fixes
- correct logic checking cpe target software component against package type [#1658 @westonsteimel]
Additional Changes
- update Syft to v1.9.0 [#1986 @anchore-actions-token-generator]
v0.79.2
v0.79.1
v0.79.0
Added Features
Bug Fixes
v0.78.0
Added Features
Bug Fixes
- ask catalog for package, rather than type asserting [#1857 @willmurphyscode]
- Disable TUI for simple commands [#1872 @wagoodman]
- False Positive: CVE-2023-42282 not affected in SUSE ecosystem [#1813]
- False positive GHSA-jr9c-h74f-2v28/CVE-2022-0905 reported for Non-vulnerable Gitea version [#1416]
Additional Changes
- Update syft to v1.5.0 [#1897 @wagoodman]