Releases: anchore/grype
Releases · anchore/grype
v0.78.0
Added Features
Bug Fixes
- ask catalog for package, rather than type asserting [#1857 @willmurphyscode]
- Disable TUI for simple commands [#1872 @wagoodman]
- False Positive: CVE-2023-42282 not affected in SUSE ecosystem [#1813]
- False positive GHSA-jr9c-h74f-2v28/CVE-2022-0905 reported for Non-vulnerable Gitea version [#1416]
Additional Changes
- Update syft to v1.5.0 [#1897 @wagoodman]
v0.77.4
v0.77.3
Additional Changes
v0.77.2
v0.77.1
v0.77.0
Added Features
- add linux and libc-dev headers ignore rules for debian packages [#1809 @zhill]
- use Go main module version when possible [#1797 @luhring]
Additional Changes
v0.76.0
v0.75.0
Added Features
- update syft source providers [#1727 @kzantow]
- enable http timeout [#1777 @willmurphyscode]
Bug Fixes
- use "path/filepath" to build file path [#1767 @seiyab]
- Suppress warnings when matching go packages with
devel
version [#1752 @wagoodman] - not showing poco CVEs from syft generated sbom [#1737]
v0.74.7
v0.74.6
Bug Fixes
- ensure version output to stdout [#1709 @kzantow]
- Seeing "WARN some package(s) are missing CPEs" but it's not clear why [#1634 #1710 @willmurphyscode]