Releases: anchore/grype
Releases · anchore/grype
v0.81.0
Added Features
- add distro mapping for azure linux 3 [#1848 @willmurphyscode]
- Support for Azure Linux 3.0 [#1829]
v0.80.2
Bug Fixes
- find secdb entries for origin packages [#1602 @luhring]
- Matching java binary packages with NVD records is problematic [#1718 #2114 @wagoodman]
- LoadVulnerabilityDB could be faster with ValidateByHashOnGet [#1502 #2054 @lucasrod16]
Additional Changes
- update Syft to v1.13.0 [#2140 @anchore-actions-token-generator]
- include file specifier in help [#2121 @willmurphyscode]
v0.80.1
Bug Fixes
- CVE-2024-3154 found with latest version [#1834 #2091 @spiffcs]
Additional Changes
- Update Syft to 1.12.2 [#2108]
v0.80.0
Added Features
- Add info subcommand in order to query grype db vulnerabilities [#1629 #2031 @tomersein]
Bug Fixes
- correctly close the db file in v4/v5 stores [#2066 @AndreiStefanie]
- Grype panics with a nil pointer dereference error when given an empty string argument [#2063 #2064 @lucasrod16]
- Ignoring search results when CPE is not set in the SBOM [#2039 #2040 @aeg]
- "No vulnerability database update available" when actually the check for an update was unsuccessful [#310 #1247 @shanedell]
- CycloneDX output
metadata.properties
set tonull
instead of empty array or omitted [#1759]
Additional Changes
v0.79.6
Bug Fixes
- Failed to parse constraint of CVE-2024-6345 which fails the scan [#2048 #2049 @wagoodman]
v0.79.5
v0.79.4
Bug Fixes
- Disable ui before run function on db status [#2008 @wagoodman]
Additional Changes
- update Syft to v1.10.0 [#2019 @anchore-actions-token-generator]
v0.79.3
Bug Fixes
- correct logic checking cpe target software component against package type [#1658 @westonsteimel]
Additional Changes
- update Syft to v1.9.0 [#1986 @anchore-actions-token-generator]