
feat: specify distro without version #2534


Merged
merged 3 commits into from
Mar 17, 2025

@kzantow kzantow commented Mar 17, 2025

Before this PR, it was not possible to specify a distro without exact version information, such as --distro alpine:3.17. There are cases where users want to specify the distro but do not know the exact distro version to use. This PR relaxes the requirement to only use a single distro, allowing for specifying without a version, such as --distro ubuntu, or only a major version, like --distro alpine:3. The JSON output already includes namespace information, so a user can understand where matches came from. This PR also detects when multiple distros are present in the results and adds annotations to the table view to make this clear to users, e.g.:

NAME          INSTALLED  FIXED-IN              TYPE  VULNERABILITY   SEVERITY                            
...
ssl_client    1.34.1-r7  1.35.0-r18            apk   CVE-2023-42366  Medium    (alpine:3.16)              
ssl_client    1.34.1-r7  1.35.0-r30            apk   CVE-2023-42366  Medium    (alpine:3.16)              
ssl_client    1.34.1-r7  1.36.1-r16            apk   CVE-2023-42366  Medium    (alpine:3.16)              
ssl_client    1.34.1-r7  1.36.1-r25            apk   CVE-2023-42366  Medium    (alpine:3.16)              
ssl_client    1.34.1-r7  1.36.1-r6             apk   CVE-2023-42366  Medium    (alpine:3.16)              
busybox       1.34.1-r7  1.36.1-r1             apk   CVE-2022-48174  Critical  (alpine:3.18, suppressed)  
busybox       1.34.1-r7  1.36.1-r2             apk   CVE-2022-48174  Critical  (alpine:3.18, suppressed)  
ssl_client    1.34.1-r7  1.36.1-r1             apk   CVE-2022-48174  Critical  (alpine:3.18, suppressed)  

Fixes: #2521
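
The two behaviours described above, as an added sketch that is not code from this PR or from the project: a `--distro` selector with no version or only a major version, and a table annotation that names the distro only when results span more than one. The `Row` type, the function names, the sample rows and the per-component version comparison are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Row is a hypothetical, constructed stand-in for one match; Distro is "name:version" or "".
type Row struct {
	Pkg, Distro string
	Suppressed  bool
}

// distroMatches reports whether a selector ("ubuntu", "alpine:3", "alpine:3.17") covers a
// concrete distro. Assumption: per-component compare, so "alpine:3" does not cover "alpine:30.1".
func distroMatches(selector, concrete string) bool {
	sName, sVer, _ := strings.Cut(strings.ToLower(selector), ":")
	cName, cVer, _ := strings.Cut(strings.ToLower(concrete), ":")
	return sName != "" && sName == cName &&
		(sVer == "" || cVer == sVer || strings.HasPrefix(cVer, sVer+"."))
}

// annotate builds the trailing table column; the distro appears only for multi-distro results.
func annotate(rows []Row) []string {
	distros := map[string]bool{}
	for _, r := range rows {
		distros[r.Distro] = true
	}
	delete(distros, "") // rows with no distro do not count as a distro
	out := make([]string, len(rows))
	for i, r := range rows {
		var parts []string
		if len(distros) > 1 && r.Distro != "" {
			parts = append(parts, r.Distro)
		}
		if r.Suppressed {
			parts = append(parts, "suppressed")
		}
		if len(parts) > 0 {
			out[i] = "(" + strings.Join(parts, ", ") + ")"
		}
	}
	return out
}

func main() {
	rows := []Row{{"ssl_client", "alpine:3.16", false}, {"busybox", "alpine:3.18", true}}
	fmt.Println(distroMatches("alpine:3", rows[0].Distro), annotate(rows))
}
```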

kzantow added 3 commits March 17, 2025 14:29

Signed-off-by: Keith Zantow <kzantow@gmail.com>

package-2 2.2.2 deb CVE-1999-0002 Critical (ubuntu:3.5)
package-2 2.2.2 deb CVE-1999-0001 Low (ubuntu:2.5, suppressed)
package-2 2.2.2 deb CVE-1999-0002 Critical (ubuntu:3.5, suppressed)
package-2 2.2.2 deb CVE-1999-0004 Critical (suppressed by VEX)
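Review bot: the last row, CVE-1999-0004, ends in "(suppressed by VEX)" with no distro, while the three rows above it each carry one, e.g. "(ubuntu:3.5, suppressed)". A short comment next to this expected output stating that this match intentionally has no distro would keep a later reader from treating the missing distro as a rendering bug in the annotation column.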
Contributor Author

Note: this didn't have a distro associated with the match

@kzantow kzantow added enhancement New feature or request and removed enhancement New feature or request labels Mar 17, 2025
@kzantow kzantow merged commit 3b07229 into anchore:main Mar 17, 2025
10 checks passed
@kzantow kzantow deleted the feat/search-by-os-name branch March 17, 2025 19:07
Development

Successfully merging this pull request may close these issues.

Match vulnerabilities by distro name when no version specified