Releases: anchore/grype
Releases · anchore/grype
v0.63.0
Changelog
v0.63.0 (2023-06-21)
Added Features
- Always include the specific package name and version used in the vulnerability search in the matchDetails section of the output [PR #1339] [westonsteimel]
- Expose Go template file that produces the table report [Issue #629] [PR #1343] [jneate]
- Add a folder for community Go templates (see templates/README.md for more details) [Issue #1316]
Breaking Changes
- update Syft to v0.84.0: stereoscope platform fix and artifact ID padding [PR #1354] [anchore-actions-token-generator]
v0.62.3
Changelog
v0.62.3 (2023-06-05)
Bug Fixes
- Suppressed vulnerabilties are now correctly hidden, unless the --show-suppressed option is provided.
[Issue #1053] [Issue #1278] [PR #1322] [jamestran201]
v0.62.2
v0.62.1
v0.62.0
Changelog
v0.62.0 (2023-05-22)
Added Features
- Add package qualifier for platform CPE [PR #1291] [westonsteimel]
- Include timestamp and image name in reports [Issue #1170] [PR #1249] [jneate]
- Document command line flag for config file location [Issue #1271] [PR #1274] [jneate]
- Add support for Mariner distribution [Issue #1220]
- Add support for Syft IDs in JSON output [PR #1266] [luhring]
Bug Fixes
- False positive with pkg:rpm PURLs [Issue #1031] [PR #1237] [Shanedell]
- Specifying "extras" in pip / requirements.txt results in false negative [Issue #1246]
- CycloneDX dependencies relationships inverted [Issue #1294]
Additional Changes
- docs: add "cyclonedx-json" to output formats [PR #1252] [HNKNTA]
- chore: update quality gate labels and add keycloak [PR #1255] [westonsteimel]
- Install skopeo during bootstrap [PR #1260] [willmurphyscode]
- Replace deprecated io/ioutil calls [PR #1296] [testwill]
- Fix reading syft json from stdin by redirect [PR #1299] [devfbe]
- Add gitignore for default build target [PR #1305] [testwill]
v0.61.1
Changelog
v0.61.1 (2023-04-21)
Bug Fixes
- ❔ Parsing dpkg status: extracting key-value from line: usr/lib/os-release err: cannot parse field [Issue #1195]
- Grype suggesting to upgrade to a version already used. [Issue #1209]
Additional Changes
v0.61.0
Changelog
v0.61.0 (2023-04-04)
Added Features
- feat: Add config option to prefer registry over local Docker when scanning an image [Issue #1204] [PR #1215] [spiffcs]
Additional Changes
v0.60.0
Changelog
v0.60.0 (2023-03-28)
Added Features
- feat: disable CPE-based matching by default for javascript [PR #1180] [westonsteimel]
Additional Changes
- Improve --by-cve report performance [Issue #1185] [PR #1188] [westonsteimel]
v0.59.1
Changelog
v0.59.1 (2023-03-09)
Bug Fixes
- fix: correct APK CPE version comparison logic [PR #1165] [westonsteimel]
v0.59.0
Changelog
v0.59.0 (2023-03-03)
Added Features
- Add the total types of vulnerabilities in Grype output [Issue #877] [PR #946] [zhiburt]
Additional Changes
- chore: bump quality gate labels and syft version [PR #1156] [westonsteimel]