Releases: anchore/grype
v0.85.0
Added Features
- Add support for gradle in Java [#2236]
- Prefer direct match information over indirect matches [#1931 #2241 @wagoodman]
Bug Fixes
- Restore log on UI teardown [#2248 @wagoodman]
Additional Changes
- Display warnings even when -v is not passed and no tty is present [#2180 #2268 @willmurphyscode]
- core dependencies: latest syft v1.17.0 and latest stereoscope v0.0.9 [#2275 @willmurphyscode]
v0.84.0
Added Features
- Add support for scanning single purl from the CLI [#2225 #2223 @wagoodman]
Bug Fixes
- Docker reports 0 vulnerabilities. Same file reports many vulnerabilities when run directly on linux server [#2235]
- Flaky checks on STDIN for purl provider [#2192 #2223 @wagoodman]
- Missing alpine patch version yields inaccurate results [#2222 #2226 @wagoodman]
Additional Changes
- update Syft to v1.16.0 [#2237 @anchore-actions-token-generator]
v0.83.0
v0.82.2
Bug Fixes
- azurelinux considered as comprehensive distro [#2197 @westonsteimel]
- Java archive cataloger performance in 0.82.x much slower than 0.81.0 [#2200]
Additional Changes
- Update to Syft v1.14.2 [#2203 @wagoodman]
v0.82.1
Bug Fixes
- Skip matching on packages with missing version info [#2182 @wagoodman]
- correctly identify version of traefik binaries [#2178 #2179 @westonsteimel]
- RPM version comparison oddity with release field [#398 #2188 @wagoodman]
- purl with epoch should be used even if version is missing epoch [#2170 #2186 @wagoodman]
Additional Changes
- bump syft in quality gate to v1.14.0 [#2187 @westonsteimel]
v0.82.0
Added Features
- performance: only check for a new DB once every 2 hours (configurable) [#2148 @wagoodman]
- wordpress-plugin support [#1553 @disc]
Bug Fixes
- use fix info from secDB in APK matcher even if NVD fix info present [#2162 @willmurphyscode]
Breaking Changes
- Split v1-5 DB distribution concerns to a new legacy package [#2124 #2144 @wagoodman]
Additional Changes
v0.81.0
Added Features
- add distro mapping for azure linux 3 [#1848 @willmurphyscode]
- Support for Azure Linux 3.0 [#1829]
v0.80.2
Bug Fixes
- find secdb entries for origin packages [#1602 @luhring]
- Matching java binary packages with NVD records is problematic [#1718 #2114 @wagoodman]
- LoadVulnerabilityDB could be faster with ValidateByHashOnGet [#1502 #2054 @lucasrod16]
Additional Changes
- update Syft to v1.13.0 [#2140 @anchore-actions-token-generator]
- include file specifier in help [#2121 @willmurphyscode]
v0.80.1
Bug Fixes
- CVE-2024-3154 found with latest version [#1834 #2091 @spiffcs]
Additional Changes
- Update Syft to 1.12.2 [#2108]
v0.80.0
Added Features
- Add info subcommand in order to query grype db vulnerabilities [#1629 #2031 @tomersein]
Bug Fixes
- correctly close the db file in v4/v5 stores [#2066 @AndreiStefanie]
- Grype panics with a nil pointer dereference error when given an empty string argument [#2063 #2064 @lucasrod16]
- Ignoring search results when CPE is not set in the SBOM [#2039 #2040 @aeg]
- "No vulnerability database update available" when actually the check for an update was unsuccessful [#310 #1247 @shanedell]
- CycloneDX output metadata.properties set to null instead of empty array or omitted [#1759]