Releases: anchore/grype
v0.73.0
Added Features
- Add a reason field to ignore config [#1337 #1532 @shanduur]
- Colorize severity in table output [#225 #1284 @shanedell]
Bug Fixes
- Enable setting golang CPE config using env var [#1585 @willmurphyscode]
- Incorrect version comparisons for maven packages [#1526 #1571 @spiffcs]
- Grype fails to detect postgresql jdbc driver CVEs when scanning .jar [#1482]
Additional Changes
- Incorporate format API changes from syft [#1582 @wagoodman]
v0.72.0
Added Features
- Add --ignore-states flag for ignoring findings with specific fix states [#1473 @jhebden-gl]
- Implement checksum & artifact signing [#1513 #1535 @hibare]
Bug Fixes
- Report errors to stderr not stdout [#1561 @wagoodman]
- grype v0.71.0 stopped showing vulnerabilities for Go stdlib [#1562 #1565 @wagoodman]
- SARIF output not compatible with GitHub [#1518 #1563 @spiffcs]
v0.71.0
v0.70.0
v0.69.1
Bug Fixes
- Incorrect python version comparisons for rc releases [#986 #1510 @willmurphyscode]
- False Positive: CVE-2023-37920 reported for certifi library in python [#1417 #1510 @willmurphyscode]
- Grype is not recognizing python-certifi is patched for GHSA-43fp-rhv2-5gv8 [#1172 #1510 @willmurphyscode]
- False positive on certifi 2022.12.07 [#1034 #1510 @willmurphyscode]
- Leading zeros seen as difference in version numbers [#1430 #1510 @willmurphyscode]
Additional Changes
- add OpenSSF Best Practices badge [#1523 @spiffcs]
- Bump vulnerability match labels [#1525 @wagoodman]
- bump stereoscope to fix data race in UI [#1517 @willmurphyscode]
v0.69.0
Added Features
- Upgrade syft to v0.91.0 (and CycloneDX to v1.5) [#1508 @wagoodman]
Bug Fixes
Additional Changes
- Fix typo in flag on Readme [#1501 @robszumski]
- pin cache versions [#1495 @spiffcs]
v0.68.1 (2023-09-15)
Bug Fixes
v0.68.0 (2023-09-14)
Added Features
- Ignore/add match results based on OpenVEX documents [PR #1397] [puerco]
- Introduce exit code failure option for db update check [PR #1463] [devfbe]
Bug Fixes
- Fix race conditions around stager, enable detector [PR #1489] [willmurphyscode]
- Grype hangs forever if gets interrupted during work (in rare cases) [Issue #1427] [PR #1437] [kzantow]
v0.67.0 (2023-09-11)
Additional Changes
- chore: bump quality gate to use syft v0.89.0 [PR #1479] [westonsteimel]
- chore: update grype to use Go v1.21 [PR #1480] [spiffcs]
v0.66.0 (2023-08-31)
Added Features
- Allow for access to private CAs securely [Issue #1226] [PR #1232] [5p2O5pe25ouT]
- Filter out packages that are owned by OS packages (ownership overlap) [Issue #1373] [PR #1387] [willmurphyscode]
Bug Fixes
- fix: Only remove packages by binary overlap [PR #1444] [willmurphyscode]
- New version notice only showing the version and no text [PR #1445] [wagoodman]
- fix: set correct default to exclude overlapping binaries [PR #1452] [kzantow]
- Portage version comparison is not working [Issue #1459] [PR #1468] [barnuri]
Additional Changes
- Update Syft to 0.89.0