Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / anchore/grype issues and pull requests
#1998 - chore(deps): update tools to latest versions
Pull Request -
State: closed - Opened by anchore-actions-token-generator[bot] 4 months ago
Labels: dependencies
#1997 - chore(deps): bump github.com/google/go-containerregistry from 0.20.0 to 0.20.1
Pull Request -
State: closed - Opened by dependabot[bot] 4 months ago
Labels: dependencies, go
#1996 - chore: request artifact in issue template
Pull Request -
State: closed - Opened by willmurphyscode 4 months ago
Labels: documentation, changelog-ignore
#1995 - Grype report showing wrong installed version for commons-beanutils jar.
Issue -
State: closed - Opened by ayushs2k1 4 months ago
- 3 comments
#1994 - docs: CODE_OF_CONDUCT.md
Pull Request -
State: closed - Opened by popey 4 months ago
Labels: changelog-ignore
#1993 - Does grype support openeuler system?
Issue -
State: open - Opened by DaddyXz 4 months ago
- 2 comments
Labels: enhancement
#1992 - chore(deps): bump anchore/sbom-action from 0.16.1 to 0.17.0
Pull Request -
State: open - Opened by dependabot[bot] 5 months ago
Labels: dependencies, github_actions
#1991 - chore(deps): bump github.com/charmbracelet/lipgloss from 0.11.1 to 0.12.1
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
Labels: dependencies, go
#1990 - chore(deps): bump github/codeql-action from 3.25.11 to 3.25.12
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
Labels: dependencies, github_actions
#1989 - chore(deps): update tools to latest versions
Pull Request -
State: closed - Opened by anchore-actions-token-generator[bot] 5 months ago
Labels: dependencies
#1988 - False positive: GHSA-g3rq-g295-4j3m (CVE-2020-28493) python3-Jinja2 in SLES 15.5 Ecosystem
Issue -
State: open - Opened by sekveaja 5 months ago
- 4 comments
Labels: bug, blocked
#1987 - feature: table output for --fail-on should only print vulnerabilities equal to or above the severity passed
Issue -
State: open - Opened by spiffcs 5 months ago
Labels: bug
#1986 - chore(deps): update Syft to v1.9.0
Pull Request -
State: closed - Opened by anchore-actions-token-generator[bot] 5 months ago
- 1 comment
#1985 - chore(deps): bump gorm.io/gorm from 1.25.10 to 1.25.11
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
- 3 comments
Labels: dependencies, go
#1984 - False positive: GHSA-j8r2-6x86-q33q (CVE-2023-32681) python3-requests GHSA-5xp3-jfq3-5q8x (CVE-2021-3572) python3-pip
Issue -
State: open - Opened by sekveaja 5 months ago
- 1 comment
Labels: bug, blocked
#1983 - chore(deps): bump github.com/charmbracelet/lipgloss from 0.11.0 to 0.11.1
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
- 1 comment
Labels: dependencies, go
#1982 - chore(deps): bump actions/setup-go from 5.0.1 to 5.0.2
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
Labels: dependencies, github_actions
#1981 - chore(deps): bump anchore/sbom-action from 0.16.0 to 0.16.1
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
Labels: dependencies, github_actions
#1980 - chore(deps): bump github.com/adrg/xdg from 0.4.0 to 0.5.0
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
- 1 comment
Labels: dependencies, go
#1979 - chore(deps): bump github.com/google/go-containerregistry from 0.19.2 to 0.20.0
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
- 1 comment
Labels: dependencies, go
#1978 - False Positive: GHSA-5mj6-643f-2g85 (CVE-2013-2256),.... python3-nova Openstack
Issue -
State: open - Opened by sekveaja 5 months ago
- 1 comment
Labels: bug, blocked
#1977 - chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
Labels: dependencies, github_actions
#1976 - Fix: Fully validate `vulnerability.db` by hash
Pull Request -
State: open - Opened by joshuai96 5 months ago
- 6 comments
Labels: blocked
#1975 - `db status` does not validate `vulnerability.db`
Issue -
State: closed - Opened by joshuai96 5 months ago
- 3 comments
Labels: bug, database
#1974 - docs: update readme with new default cyclone-dx format v1.6
Pull Request -
State: closed - Opened by spiffcs 5 months ago
Labels: changelog-ignore
#1973 - epss score in grype results
Issue -
State: open - Opened by TimBrown1611 5 months ago
Labels: enhancement
#1972 - test: update quality gate db to latest version
Pull Request -
State: closed - Opened by anchore-actions-token-generator[bot] 5 months ago
Labels: changelog-ignore, test
#1971 - chore(deps): bump github.com/docker/docker from 26.1.4+incompatible to 27.0.3+incompatible
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
- 2 comments
Labels: dependencies, go
#1970 - support cvss 4.0
Issue -
State: open - Opened by tomersein 5 months ago
- 5 comments
Labels: enhancement
#1969 - chore(deps): update tools to latest versions
Pull Request -
State: closed - Opened by anchore-actions-token-generator[bot] 5 months ago
Labels: dependencies
#1968 - chore(deps): bump github/codeql-action from 3.25.10 to 3.25.11
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
Labels: dependencies, github_actions
#1967 - chore(deps): bump github.com/docker/docker from 26.1.4+incompatible to 27.0.2+incompatible
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
- 1 comment
Labels: dependencies, go
#1966 - chore: pin new sign installer to commit sha
Pull Request -
State: closed - Opened by spiffcs 5 months ago
Labels: changelog-ignore
#1965 - False positive: GHSA-v5h6-c2hv-hv3r (CVE-2024-27280) ruby2.5-stdlib in SLES 15.5 Ecosystem
Issue -
State: open - Opened by sekveaja 5 months ago
- 1 comment
Labels: bug, blocked
#1964 - chore(deps): bump github.com/docker/docker from 26.1.4+incompatible to 27.0.1+incompatible
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
- 1 comment
Labels: dependencies, go
#1963 - chore(deps): bump github.com/charmbracelet/bubbletea from 0.26.5 to 0.26.6
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
Labels: dependencies, go
#1962 - chore(deps): update tools to latest versions
Pull Request -
State: closed - Opened by anchore-actions-token-generator[bot] 5 months ago
Labels: dependencies
#1961 - chore: add workflow to update quality test db
Pull Request -
State: closed - Opened by spiffcs 5 months ago
- 1 comment
Labels: changelog-ignore
#1960 - chore: update test_db_url
Pull Request -
State: closed - Opened by spiffcs 5 months ago
Labels: changelog-ignore
#1959 - chore(deps): bump github.com/hashicorp/go-getter from 1.7.4 to 1.7.5
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
- 1 comment
Labels: dependencies, go
#1958 - chore(deps): bump github.com/go-test/deep from 1.1.0 to 1.1.1
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
- 1 comment
Labels: dependencies, go
#1957 - chore(deps): bump github.com/anchore/syft from 1.7.0 to 1.8.0
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
- 1 comment
Labels: dependencies, go
#1956 - Possible FP - CVE-2019-10222 ceph in ec2 linux
Issue -
State: open - Opened by tomersein 5 months ago
- 5 comments
Labels: bug
#1955 - chore(deps): bump github.com/charmbracelet/bubbletea from 0.26.4 to 0.26.5
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
Labels: dependencies, go
#1954 - chore(deps): bump peter-evans/create-pull-request from 6.0.5 to 6.1.0
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
Labels: dependencies, github_actions
#1953 - chore: enable dependabot to keep boostrap action updated
Pull Request -
State: closed - Opened by westonsteimel 5 months ago
Labels: changelog-ignore
#1952 - False positive: GHSA-v845-jxx5-vc9f (CVE-2023-43804) GHSA-g4mx-q9vg-27p4 (CVE-2023-45803) python3-urllib3 in SLES 15.5 Ecosystem
Issue -
State: open - Opened by sekveaja 5 months ago
- 1 comment
Labels: bug, blocked
#1951 - Grype appears to be writing v1.6 spec cyclonedx files that grype itself cannot read (affects 0.79.0+)
Issue -
State: closed - Opened by ragaskar 5 months ago
- 10 comments
Labels: bug, changelog-ignore
#1950 - fix: use location `RealPath` not `String()` for match sorting
Pull Request -
State: closed - Opened by luhring 5 months ago
Labels: bug
#1949 - chore: update CI to install golang at latest version
Pull Request -
State: closed - Opened by spiffcs 5 months ago
#1948 - chore(deps): bump github.com/google/go-containerregistry from 0.19.1 to 0.19.2
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
Labels: dependencies, go
#1947 - chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
Labels: dependencies, go
#1946 - feat: pass thru the cpe source if available
Pull Request -
State: open - Opened by zhill 6 months ago
- 1 comment
#1945 - chore: Update syft v1.7.0
Pull Request -
State: closed - Opened by spiffcs 6 months ago
Labels: changelog-ignore
#1944 - fix match sort ordering for different locations
Pull Request -
State: closed - Opened by luhring 6 months ago
Labels: bug
#1943 - chore(deps): update tools to latest versions
Pull Request -
State: closed - Opened by anchore-actions-token-generator[bot] 6 months ago
Labels: dependencies
#1942 - chore(deps): bump github.com/docker/docker from 26.1.4+incompatible to 27.0.0+incompatible
Pull Request -
State: closed - Opened by dependabot[bot] 6 months ago
- 1 comment
Labels: dependencies, go
#1941 - chore(deps): bump actions/checkout from 4.1.6 to 4.1.7
Pull Request -
State: closed - Opened by dependabot[bot] 6 months ago
Labels: dependencies, github_actions
#1940 - chore(deps): bump github/codeql-action from 3.25.8 to 3.25.10
Pull Request -
State: closed - Opened by dependabot[bot] 6 months ago
Labels: dependencies, github_actions
#1939 - grype db is not being downloaded
Issue -
State: closed - Opened by tomersein 6 months ago
- 18 comments
Labels: bug, database
#1938 - Can you control the internal format used by Syft when scanning a directory?
Issue -
State: closed - Opened by tomasr 6 months ago
- 10 comments
Labels: enhancement
#1937 - False positive: GHSA-m2qf-hxjv-5gpq (CVE-2023-30861) python3-Flash in SLES 15.5 Ecosystem
Issue -
State: open - Opened by sekveaja 6 months ago
- 1 comment
Labels: bug, blocked
#1936 - False positive: GHSA-xg9f-g7g7-2323 (CVE-2023-25577) python3-Werkzeug in SLES 15.5 Ecosystem
Issue -
State: open - Opened by sekveaja 6 months ago
- 2 comments
Labels: bug, blocked
#1935 - False positive: GHSA-3ww4-gg4f-jr7f(CVE-2023-50782),GHSA-x4qr-2fvf-3mr5 (CVE-2023-0286), GHSA-jfhm-5ghh-2f97 (CVE-2023-49083), GHSA-w7pp-m8wf-vj6r (CVE-2023-23931) GHSA-9v9h-cgj8-h64p (CVE-2024-0727) in SLES 15.5 Ecosystem but trigger by cryptography
Issue -
State: open - Opened by sekveaja 6 months ago
Labels: bug, false-positive
#1934 - Updating maven URLs in README.md
Pull Request -
State: closed - Opened by JoshuaCooper 6 months ago
Labels: documentation
#1933 - Sort order for matches should consider fix info
Pull Request -
State: closed - Opened by wagoodman 6 months ago
Labels: bug
#1932 - Look at package rebuild info on advisories for indirect matches
Issue -
State: open - Opened by wagoodman 6 months ago
- 2 comments
Labels: enhancement, needs-investigation
#1931 - Prefer direct match information over indirect matches
Issue -
State: closed - Opened by wagoodman 6 months ago
- 5 comments
Labels: enhancement
#1930 - Remove wordpress mentions in false positive list
Issue -
State: closed - Opened by Javiery3889 6 months ago
- 2 comments
Labels: changelog-ignore
#1929 - False positive: GHSA-w596-4wvx-j9j6 (CVE-2022-42969) in SLES 15.5 Ecosystem
Issue -
State: open - Opened by sekveaja 6 months ago
Labels: bug, false-positive
#1928 - chore(deps): bump github.com/anchore/syft from 1.5.0 to 1.6.0
Pull Request -
State: closed - Opened by dependabot[bot] 6 months ago
- 1 comment
Labels: dependencies, go
#1927 - False positive: GHSA-v3c5-jqr6-7qm8 (CVE-2022-40899) python3-future in SLES 15.5 Ecosystem
Issue -
State: open - Opened by sekveaja 6 months ago
Labels: bug, false-positive
#1926 - chore(deps): update Syft to v1.6.0
Pull Request -
State: closed - Opened by anchore-actions-token-generator[bot] 6 months ago
Labels: dependencies
#1925 - chore(deps): update tools to latest versions
Pull Request -
State: closed - Opened by anchore-actions-token-generator[bot] 6 months ago
Labels: dependencies
#1924 - False positive: GHSA-qwmp-2cf2-g9g6 (CVE-2022-40898) python3-wheel SLES 15.5 Ecosystem create by Syft noise
Issue -
State: open - Opened by sekveaja 6 months ago
- 1 comment
Labels: bug, false-positive
#1923 - False positive: GHSA-v973-fxgf-6xhp (CVE-2022-40023) in SLES 15.5 Ecosystem
Issue -
State: open - Opened by sekveaja 6 months ago
Labels: bug
#1923 - False positive: GHSA-v973-fxgf-6xhp (CVE-2022-40023) python3-Mako in SLES 15.5 Ecosystem
Issue -
State: open - Opened by sekveaja 6 months ago
Labels: bug, false-positive
#1922 - Exit with a different return code for a failed scan
Issue -
State: open - Opened by Oh-Py-God 6 months ago
- 1 comment
Labels: enhancement
#1922 - Exit with a different return code for a failed scan
Issue -
State: open - Opened by Oh-Py-God 6 months ago
- 2 comments
Labels: enhancement
#1921 - chore(deps): update tools to latest versions
Pull Request -
State: closed - Opened by anchore-actions-token-generator[bot] 6 months ago
Labels: dependencies
#1920 - chore(deps): bump actions/checkout from 4.1.1 to 4.1.6
Pull Request -
State: closed - Opened by dependabot[bot] 6 months ago
Labels: dependencies, github_actions
#1919 - chore(deps): update tools to latest versions
Pull Request -
State: closed - Opened by anchore-actions-token-generator[bot] 6 months ago
Labels: dependencies
#1918 - Deduplicate vulnerabilities for SUSE linux
Issue -
State: open - Opened by wagoodman 6 months ago
Labels: enhancement
#1917 - Add `--from` flag
Issue -
State: open - Opened by kzantow 6 months ago
Labels: enhancement
#1916 - chore(deps): bump github.com/docker/docker from 26.1.3+incompatible to 26.1.4+incompatible
Pull Request -
State: closed - Opened by dependabot[bot] 6 months ago
Labels: dependencies, go
#1915 - Add skopeo to managed utilities
Pull Request -
State: closed - Opened by wagoodman 6 months ago
- 2 comments
Labels: changelog-ignore
#1914 - Remove DCO workflow
Pull Request -
State: closed - Opened by wagoodman 6 months ago
Labels: changelog-ignore
#1913 - FP CVE-2024-20932 on jdk8
Issue -
State: open - Opened by tomersein 6 months ago
- 2 comments
Labels: bug, false-positive, changelog-ignore
#1912 - chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.8.0 to 0.9.0
Pull Request -
State: closed - Opened by dependabot[bot] 6 months ago
- 1 comment
Labels: dependencies, go
#1911 - chore(deps): update tools to latest versions
Pull Request -
State: closed - Opened by anchore-actions-token-generator[bot] 6 months ago
Labels: dependencies
#1910 - Use tool for DCO checks
Pull Request -
State: closed - Opened by wagoodman 6 months ago
Labels: changelog-ignore
#1909 - chore(deps): bump github/codeql-action from 3.25.7 to 3.25.8
Pull Request -
State: closed - Opened by dependabot[bot] 6 months ago
- 1 comment
Labels: dependencies, github_actions