Releases: anchore/grype
Releases · anchore/grype
v0.74.4
v0.74.3
Bug Fixes
- Fix matching when RPM modularity is a factor [#1679 @wagoodman]
- VEX documents not taken into account when
--fail-on
is set [#1639 #1657 @ferozsalam]
Additional Changes
- break assumption that syft cpe.CPE is wfn.Attributes [#1675 @willmurphyscode]
v0.74.2
Additional Changes
- update Syft to v0.101.1 [#1669 @anchore-actions-token-generator]
v0.74.1
Security Fixes
- bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 [#1651 @dependabot]
Additional Changes
v0.74.0
Added Features
- Vulnerabilities marked as fixed in distro packages should be reported as fixed for all contained packages too [#1236 #1603 @luhring]
Bug Fixes
- Parameter
quiet
is ignored in configuration file [#1645 #1646 @plavy] - 401 unauthorized pulling from public registry [#1637]
Additional Changes
- Update Syft to 0.100.0 [#1649]
v0.73.5
v0.73.4
Additional Changes
- bump to syft v0.98.0 in quality gate tests [#1623 @westonsteimel]
- update syft to v0.98.0; go mod tidy [#1621 @spiffcs]
v0.73.3
v0.73.2
Bug Fixes
- Vulnerabilities in go packages without go modules are not detected [#1581 #1599 @willmurphyscode]
v0.73.1
Bug Fixes
- CycloneDX based analysis failing [#1594 #1596 @anchore-actions-token-generator]
- False negatives when scanning debian trixie/sid images from Dockerhub [#1446 #1593 @willmurphyscode]