Skip to content

Navigation Menu

Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

anchore / grype Public

Notifications You must be signed in to change notification settings
Fork 574
Star 8.9k

Code
Issues 265
Pull requests 17
Actions
Projects
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Projects
Security
Insights

Releases: anchore/grype

Releases · anchore/grype

v0.71.0

12 Oct 13:44

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23

Expired

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

v0.71.0

Added Features

use ghsa to improve matching for cpes [#811 #1412 @westonsteimel]

(Full Changelog)

Contributors

westonsteimel

Assets 18

Loading

albeper1974 reacted with thumbs up emoji

heubeck reacted with hooray emoji

All reactions

👍 1 reaction
🎉 1 reaction

2 people reacted

v0.70.0

10 Oct 20:01

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23

Expired

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

v0.70.0

Added Features

Update Syft to v0.93.0 + enable golang stdlib matching [#1550 @spiffcs ]

Bug Fixes

JSON output: descriptor name is missing "grype" value [#1538 #1542 @kzantow]

(Full Changelog)

Contributors

kzantow and spiffcs

Assets 18

Loading

All reactions

v0.69.1

27 Sep 17:03

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23

Expired

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

v0.69.1

Bug Fixes

Incorrect python version comparisons for rc releases [#986 #1510 @willmurphyscode]
False Positive: CVE-2023-37920 reported for certifi library in python [#1417 #1510 @willmurphyscode]
Grype is not recognizing python-certifi is patched for GHSA-43fp-rhv2-5gv8 [#1172 #1510 @willmurphyscode]
False positive on certifi 2022.12.07 [#1034 #1510 @willmurphyscode]
Leading zeros seen as difference in version numbers [#1430 #1510 @willmurphyscode]

Additional Changes

add OpenSSF Best Practices badge [#1523 @spiffcs]
Bump vulnerability match labels [#1525 @wagoodman]
bump stereoscope to fix data race in UI [#1517 @willmurphyscode]

(Full Changelog)

Contributors

wagoodman, willmurphyscode, and spiffcs

Assets 18

Loading

albeper1974 reacted with thumbs up emoji

All reactions

👍 1 reaction

1 person reacted

v0.69.0

20 Sep 21:10

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23

Expired

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

v0.69.0

Added Features

Upgrade syft to v0.91.0 (and CycloneDX to v1.5) [#1508 @wagoodman]

Bug Fixes

Grype doesn't exit cleanly on error [#1492 #1505 @kzantow]

Additional Changes

Fix typo in flag on Readme [#1501 @robszumski]
pin cache versions [#1495 @spiffcs]

(Full Changelog)

Contributors

wagoodman, robszumski, and 2 other contributors

Assets 18

Loading

dadyutenga and rsareth reacted with thumbs up emoji

heubeck, llaville, and rsareth reacted with hooray emoji

All reactions

👍 2 reactions
🎉 3 reactions

4 people reacted

v0.68.1

15 Sep 18:49

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23

Expired

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

v0.68.1

v0.68.1 (2023-09-15)

Bug Fixes

Version output was not including supported db schema [PR #1494] [kzantow]

Assets 18

Loading

anhng-sg197 and albeper1974 reacted with thumbs up emoji

All reactions

👍 2 reactions

2 people reacted

v0.68.0

14 Sep 21:31

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23

Expired

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

v0.68.0

v0.68.0 (2023-09-14)

Added Features

Ignore/add match results based on OpenVEX documents [PR #1397] [puerco]
Introduce exit code failure option for db update check [PR #1463] [devfbe]

Bug Fixes

Fix race conditions around stager, enable detector [PR #1489] [willmurphyscode]
Grype hangs forever if gets interrupted during work (in rare cases) [Issue #1427] [PR #1437] [kzantow]

Assets 18

Loading

heubeck, llaville, and anhng-sg197 reacted with hooray emoji

All reactions

🎉 3 reactions

3 people reacted

v0.67.0

11 Sep 18:18

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23

Expired

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

v0.67.0

v0.67.0 (2023-09-11)

Additional Changes

chore: bump quality gate to use syft v0.89.0 [PR #1479] [westonsteimel]
chore: update grype to use Go v1.21 [PR #1480] [spiffcs]

Assets 18

Loading

heubeck and devfbe reacted with hooray emoji

devfbe and anhng-sg197 reacted with heart emoji

All reactions

🎉 2 reactions
❤️ 2 reactions

3 people reacted

v0.66.0

31 Aug 16:50

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23

Expired

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

v0.66.0

v0.66.0 (2023-08-31)

Added Features

Allow for access to private CAs securely [Issue #1226] [PR #1232] [5p2O5pe25ouT]
Filter out packages that are owned by OS packages (ownership overlap) [Issue #1373] [PR #1387] [willmurphyscode]

Bug Fixes

fix: Only remove packages by binary overlap [PR #1444] [willmurphyscode]
New version notice only showing the version and no text [PR #1445] [wagoodman]
fix: set correct default to exclude overlapping binaries [PR #1452] [kzantow]
Portage version comparison is not working [Issue #1459] [PR #1468] [barnuri]

Additional Changes

Update Syft to 0.89.0

Assets 18

Loading

All reactions

v0.65.2

17 Aug 20:07

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23

Expired

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

v0.65.2

v0.65.2 (2023-08-17)

Additional Changes

Update Syft to v0.87.1
Add a simple JUnit XML template [PR #1422] [YevheniiPokhvalii]
Update semver regular expression constraint to allow for 1.20rc1 cases no '-' [PR #1434] [spiffcs]

Assets 18

Loading

heubeck and anaynayak reacted with hooray emoji

All reactions

🎉 2 reactions

2 people reacted

v0.65.1

04 Aug 13:06

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23

Expired

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

v0.65.1

v0.65.1 (2023-08-04)

Bug Fixes

Grype cannot read SPDX documents generated by SPDX-maven-plugin [Issue #1306]

Assets 18

Loading

All reactions

Previous 1 2 3 4 5 6 7 … 14 15 Next

Footer

© 2024 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.