anchore/grype issues and pull requests

#2198 - chore(deps): bump github.com/adrg/xdg from 0.5.0 to 0.5.1

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago
Labels: dependencies, go

#2197 - fix: azurelinux considered as comprehensive distro

Pull Request - State: closed - Opened by westonsteimel about 1 month ago - 1 comment
Labels: bug

#2196 - chore(deps): update tools to latest versions

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] about 1 month ago
Labels: dependencies

#2195 - Unable to parse apk constraint phrase: failed to create comparator for '&{>= 1.0.2zk}'

Issue - State: closed - Opened by bergernir about 1 month ago - 7 comments
Labels: bug

#2194 - feat: multi-level configuration and profiles

Pull Request - State: closed - Opened by kzantow about 1 month ago
Labels: enhancement

#2193 - chore(deps): bump anchore/sbom-action from 0.17.3 to 0.17.4

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago
Labels: dependencies, github_actions

#2192 - Flaky checks on STDIN for purl provider

Issue - State: closed - Opened by sfc-gh-ylefloch about 1 month ago - 1 comment
Labels: bug

#2191 - chore(deps): update Syft to v1.14.1

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] about 1 month ago
Labels: dependencies

#2190 - chore: bump syft to main

Pull Request - State: closed - Opened by willmurphyscode about 2 months ago - 1 comment

#2189 - dependency: bump syft to main pre-release

Pull Request - State: closed - Opened by willmurphyscode about 2 months ago
Labels: dependencies

#2188 - Account for implicit 0s in rpm release versions

Pull Request - State: closed - Opened by wagoodman about 2 months ago

#2187 - chore: bump syft in quality gate to v1.14.0

Pull Request - State: closed - Opened by westonsteimel about 2 months ago

#2186 - Use epoch from metadata when missing from version string

Pull Request - State: closed - Opened by wagoodman about 2 months ago - 2 comments

#2185 - chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.5 to 1.4.6

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago
Labels: dependencies, go

#2184 - chore(deps): bump anchore/sbom-action from 0.17.2 to 0.17.3

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago
Labels: dependencies, github_actions

#2183 - chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago
Labels: dependencies, github_actions

#2182 - Skip matching on packages with missing version info

Pull Request - State: closed - Opened by wagoodman about 2 months ago
Labels: bug

#2181 - Mariner Linux "util-linux" package FP

Issue - State: open - Opened by Atharex about 2 months ago - 4 comments
Labels: bug, false-positive

#2180 - Display warnings even when `-v` is not passed and no tty is present

Issue - State: closed - Opened by metametadata about 2 months ago - 6 comments

#2179 - fix: exclude binary packages from CPE target software component filter logic

Pull Request - State: closed - Opened by westonsteimel about 2 months ago

#2178 - correctly identify version of traefik binaries

Issue - State: closed - Opened by mcarbonne about 2 months ago
Labels: bug

#2177 - Add release docs

Pull Request - State: closed - Opened by wagoodman about 2 months ago
Labels: documentation

#2176 - chore(deps): bump actions/upload-artifact from 4.4.2 to 4.4.3

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago
Labels: dependencies, github_actions

#2175 - Grype reports false postive on go-tuf package - confuses v2/go-tuf with go-tuf (non-v2)

Issue - State: closed - Opened by mamccorm about 2 months ago - 2 comments
Labels: bug, changelog-ignore

#2174 - Add `grype db providers` command

Pull Request - State: closed - Opened by ADorigi about 2 months ago - 4 comments

#2173 - chore(deps): bump actions/upload-artifact from 4.4.1 to 4.4.2

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago
Labels: dependencies, github_actions

#2172 - chore(deps): bump actions/cache from 4.0.2 to 4.1.1

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago
Labels: dependencies, github_actions

#2171 - Provide the default template under the templates path

Issue - State: open - Opened by samueloph about 2 months ago - 3 comments
Labels: enhancement, needs-discussion

#2170 - purl with epoch should be used even if version is missing epoch

Issue - State: closed - Opened by jessesmd about 2 months ago - 5 comments
Labels: bug

#2169 - chore(deps): bump github/codeql-action from 3.26.11 to 3.26.12

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago
Labels: dependencies, github_actions

#2168 - chore(deps): bump actions/checkout from 4.2.0 to 4.2.1

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago
Labels: dependencies, github_actions

#2167 - chore(deps): bump actions/upload-artifact from 4.4.0 to 4.4.1

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago
Labels: dependencies, github_actions

#2166 - [chore] Add mastodon link to README.md

Pull Request - State: closed - Opened by popey about 2 months ago
Labels: changelog-ignore

#2165 - False negative: recent Critical Apache Avro (Java) vulnerability (CVE-2024-47561) does not get detected

Issue - State: closed - Opened by dbrugman about 2 months ago - 6 comments
Labels: changelog-ignore

#2164 - chore(deps): update Syft to v1.14.0

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] about 2 months ago
Labels: dependencies

#2163 - chore(deps): bump actions/cache from 4.0.2 to 4.1.0

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago - 1 comment
Labels: dependencies, github_actions

#2162 - fix: use fix info from secDB in APK matcher even if NVD fix info present

Pull Request - State: closed - Opened by willmurphyscode about 2 months ago - 3 comments
Labels: bug

#2161 - Grype throws "requested access to the resource is denied" even I have access with Docker

Issue - State: closed - Opened by Dentrax about 2 months ago - 2 comments
Labels: bug, changelog-ignore

#2160 - chore(deps): bump github/codeql-action from 3.26.10 to 3.26.11

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago
Labels: dependencies, github_actions

#2159 - chore(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago
Labels: dependencies, github_actions

#2158 - grype miss the vulnerable location about CVE-2022-22978

Issue - State: closed - Opened by moon2263 about 2 months ago - 3 comments
Labels: bug, changelog-ignore

#2157 - chore(deps): update tools to latest versions

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] about 2 months ago
Labels: dependencies

#2156 - False positives for recent CUPS vulnerability CVE-2024-47175

Issue - State: open - Opened by dbrugman about 2 months ago - 6 comments
Labels: bug, needs-discussion

#2155 - Add a space following the "Name:" label in html.tmpl

Pull Request - State: closed - Opened by deftdawg about 2 months ago - 1 comment

#2154 - chore(deps): update tools to latest versions

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] about 2 months ago
Labels: dependencies

#2153 - test: update quality gate db to latest version

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] about 2 months ago
Labels: changelog-ignore, test

#2152 - Explicitly skip update ts on check failure

Pull Request - State: closed - Opened by wagoodman about 2 months ago
Labels: bug, changelog-ignore

#2151 - Add v6 DB curator

Pull Request - State: closed - Opened by wagoodman about 2 months ago - 1 comment
Labels: enhancement, changelog-ignore

#2150 - Add v6 distribution client

Pull Request - State: closed - Opened by wagoodman about 2 months ago
Labels: enhancement, changelog-ignore

#2149 - chore(deps): bump github/codeql-action from 3.26.9 to 3.26.10

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago
Labels: dependencies, github_actions

#2148 - performance: only check for a new DB once every 2 hours (configurable)

Pull Request - State: closed - Opened by wagoodman about 2 months ago
Labels: enhancement

#2147 - chore(deps): bump github.com/docker/docker from 27.3.0+incompatible to 27.3.1+incompatible

Pull Request - State: closed - Opened by dependabot[bot] 2 months ago - 1 comment
Labels: dependencies, go

#2146 - Add v6 DB metadata store

Pull Request - State: closed - Opened by wagoodman 2 months ago
Labels: enhancement, changelog-ignore

#2145 - chore(deps): bump actions/checkout from 4.1.7 to 4.2.0

Pull Request - State: closed - Opened by dependabot[bot] 2 months ago
Labels: dependencies, github_actions

#2144 - Migrate legacy distribution concerns (v1-5 schemas)

Pull Request - State: closed - Opened by wagoodman 2 months ago

#2143 - docs: start documenting how to add new provider

Pull Request - State: open - Opened by willmurphyscode 2 months ago
Labels: documentation

#2142 - chore(deps): bump github/codeql-action from 3.26.8 to 3.26.9

Pull Request - State: closed - Opened by dependabot[bot] 2 months ago
Labels: dependencies, github_actions

#2141 - Add awaiting response management

Pull Request - State: closed - Opened by wagoodman 2 months ago
Labels: changelog-ignore

#2140 - chore(deps): update Syft to v1.13.0

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] 2 months ago

#2139 - Use faster xz lib for decompression

Pull Request - State: closed - Opened by wagoodman 2 months ago - 1 comment
Labels: changelog-ignore

#2138 - Dontmerge fail yardstick validate

Pull Request - State: closed - Opened by willmurphyscode 2 months ago - 1 comment

#2137 - False positive: CVE-2023-47100 (duplicate of CVE-2023-47038) in perl-5.36.2

Issue - State: closed - Opened by nielsaka 2 months ago - 2 comments
Labels: bug, false-positive, changelog-ignore

#2136 - chore(deps): bump peter-evans/create-pull-request from 7.0.2 to 7.0.5

Pull Request - State: closed - Opened by dependabot[bot] 2 months ago
Labels: dependencies, github_actions

#2135 - chore(deps): bump github/codeql-action from 3.26.7 to 3.26.8

Pull Request - State: closed - Opened by dependabot[bot] 2 months ago
Labels: dependencies, github_actions

#2134 - grype db import from a URL

Issue - State: open - Opened by TimBrown1611 2 months ago
Labels: enhancement

#2133 - bug: fix slice init length

Pull Request - State: closed - Opened by xixishidibei 2 months ago
Labels: changelog-ignore

#2132 - Simplify grype DB access abstractions

Issue - State: open - Opened by wagoodman 2 months ago
Labels: enhancement

#2131 - Add DB providers command

Issue - State: closed - Opened by wagoodman 2 months ago - 3 comments
Labels: enhancement

#2130 - Stabilize DB `search` output

Issue - State: open - Opened by wagoodman 2 months ago - 1 comment
Labels: enhancement

#2129 - Replace `grype db diff` with `grype db search --since DATE`

Issue - State: open - Opened by wagoodman 2 months ago - 6 comments
Labels: breaking-change

#2128 - Add DB v6 schema

Issue - State: closed - Opened by wagoodman 2 months ago - 2 comments
Labels: enhancement, changelog-ignore

#2127 - Split DB v6 Curator object

Issue - State: open - Opened by wagoodman 2 months ago
Labels: enhancement

#2126 - Configure and use DB distribution URLs

Issue - State: open - Opened by wagoodman 2 months ago
Labels: enhancement

#2125 - DB v6 distribution approach

Issue - State: open - Opened by wagoodman 2 months ago - 1 comment
Labels: enhancement, planning

#2124 - Split v1-5 DB distribution concerns to a new `legacy` package

Issue - State: closed - Opened by wagoodman 2 months ago
Labels: breaking-change

#2123 - chore(deps): update tools to latest versions

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] 2 months ago
Labels: dependencies

#2122 - grype db list contains only last 4 days DBs

Issue - State: closed - Opened by TimBrown1611 2 months ago - 1 comment
Labels: question

#2121 - chore: include file specifier in help

Pull Request - State: closed - Opened by willmurphyscode 2 months ago

#2120 - docs: add mention of file scheme

Pull Request - State: closed - Opened by kzantow 2 months ago
Labels: changelog-ignore

#2119 - chore(deps): bump peter-evans/create-pull-request from 7.0.2 to 7.0.3

Pull Request - State: closed - Opened by dependabot[bot] 2 months ago - 1 comment
Labels: dependencies, github_actions

#2118 - chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.0 to 0.9.1

Pull Request - State: closed - Opened by dependabot[bot] 2 months ago
Labels: dependencies, go

#2117 - Restrict output to a given severity level

Issue - State: closed - Opened by Itxaka 2 months ago - 2 comments
Labels: enhancement

#2116 - go-sqlite package is broken since upgrading to golang 1.23

Issue - State: closed - Opened by tomersein 2 months ago - 1 comment
Labels: bug, changelog-ignore

#2115 - chore(deps): update tools to latest versions

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] 3 months ago
Labels: dependencies

#2114 - Correctly match JVM version ranges

Pull Request - State: closed - Opened by wagoodman 3 months ago - 3 comments
Labels: enhancement

#2113 - chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago
Labels: dependencies, github_actions

#2112 - Matcher dispatch should be based on any package quality

Issue - State: open - Opened by wagoodman 3 months ago - 1 comment
Labels: enhancement, breaking-change

#2111 - chore(deps): bump peter-evans/create-pull-request from 7.0.1 to 7.0.2

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago
Labels: dependencies, github_actions

#2110 - feat: --enrich flag to enable data enrichment

Pull Request - State: open - Opened by kzantow 3 months ago
Labels: blocked

#2109 - chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.0 to 1.1.1

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago
Labels: dependencies, go

#2108 - chore(deps): bump github.com/anchore/syft from 1.11.1 to 1.12.2

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago
Labels: go

#2107 - chore(deps): update Syft to v1.12.2

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] 3 months ago

#2106 - fix: Update gitmodule url

Pull Request - State: closed - Opened by popey 3 months ago

#2105 - chore(deps): bump github.com/dave/jennifer from 1.7.0 to 1.7.1

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago
Labels: dependencies, go

#2104 - chore(deps): bump github.com/docker/docker from 27.2.0+incompatible to 27.2.1+incompatible

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 2 comments
Labels: dependencies, go

#2103 - chore(deps): bump gorm.io/gorm from 1.25.11 to 1.25.12

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago
Labels: dependencies, go

#2102 - chore(deps): update tools to latest versions

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] 3 months ago
Labels: dependencies

#2101 - Ability to apply template off of previously generated json

Issue - State: open - Opened by nvp152 3 months ago - 2 comments
Labels: enhancement

#2100 - bug: Don't use git urls for submodules

Issue - State: closed - Opened by popey 3 months ago
Labels: bug

#2099 - chore(deps): bump peter-evans/create-pull-request from 7.0.0 to 7.0.1

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago
Labels: dependencies, github_actions

GitHub / anchore/grype issues and pull requests