2 Releases published by 1 person

• v0.88.0

  published Mar 5, 2025

• v0.89.0

  published Mar 6, 2025

17 Pull requests merged by 5 people

• fix: exclude self from related vulnerability list

  #2515 merged Mar 7, 2025

• chore(deps): bump github.com/muesli/termenv from 0.15.2 to 0.16.0

  #2509 merged Mar 6, 2025

• chore(deps): bump golang.org/x/tools from 0.30.0 to 0.31.0

  #2510 merged Mar 6, 2025

• Allow for reading listing from local FS

  #2508 merged Mar 6, 2025

• chore(deps): bump golang.org/x/time from 0.10.0 to 0.11.0

  #2503 merged Mar 6, 2025

• chore(deps): update tools to latest versions

  #2506 merged Mar 6, 2025

• Add suggested fixed version when there are multiple fixes available

  #2271 merged Mar 6, 2025

• Remove v6 development configuration

  #2504 merged Mar 5, 2025

• Enumerate version ranges within a single match (don't duplicate)

  #2502 merged Mar 5, 2025

• Fix CPE target software filtering + improve logging

  #2494 merged Mar 5, 2025

• chore(deps): bump peter-evans/create-pull-request from 7.0.7 to 7.0.8

  #2501 merged Mar 4, 2025

• test: update quality gate db to latest version

  #2495 merged Mar 4, 2025

• chore(deps): update tools to latest versions

  #2496 merged Mar 4, 2025

• Ensure azurelinux ids get same version processing as mariner

  #2499 merged Mar 3, 2025

• Ensure azure linux has 0 minor version

  #2498 merged Mar 3, 2025

• Cover mariner and ubuntu namespace conversion

  #2497 merged Mar 3, 2025

• Add KEV & EPSS to db search schema

  #2481 merged Mar 2, 2025

3 Pull requests opened by 3 people

• chore(deps): update tools to latest versions

  #2512 opened Mar 7, 2025

• feat: adds ability to specify wildcard for distro version

  #2516 opened Mar 8, 2025

• fix(java): ensure fatal error from maven search bubbles up

  #2518 opened Mar 8, 2025

7 Issues closed by 4 people

• Grype results set a vulnerability as its own related vulnerability

  #2514 closed Mar 7, 2025

• failed to load vulnerability db: database does not exist

  #2505 closed Mar 6, 2025

• Check for vulnerability database update failed with `unsupported protocol scheme` when referencing local file

  #2507 closed Mar 6, 2025

• Show suggested fixed version when there are multiple listed

  #2264 closed Mar 6, 2025

• Grype Does Not Clean TMPDIR When Running in a Docker Container

  #2500 closed Mar 3, 2025

• DB diff vulnerability metadata

  #2443 closed Mar 3, 2025

• Grype exits with error on JSON output with PURL input

  #2360 closed Mar 3, 2025

3 Issues opened by 3 people

• Grype can't update DB in docker volume (regression)

  #2517 opened Mar 8, 2025

• Latest version of grype with V6 schema lists incorrect URL for v6 database

  #2513 opened Mar 7, 2025

• Does not fill in the Level field of the SARIF result object

  #2511 opened Mar 6, 2025

11 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• False positive of CVE-2022-32511 on apk package py3-jmespath

  #2348 commented on Mar 3, 2025 • 0 new comments

• False Positive: GHSA-gf2q-j2qq-pjf2(CVE-2012-3542) GHSA-mrxv-65rv-6hxq (CVE-2012-4413) GHSA-qvpr-qm6w-6rcc (CVE-2012-5571) keystone 18.x.x, recommend fixed with 2012.x older versioning convention

  #2289 commented on Mar 3, 2025 • 0 new comments

• False positive: GHSA-g3rq-g295-4j3m (CVE-2020-28493), GHSA-h75v-3vvj-5mfj (CVE-2024-34064), GHSA-h5c8-rqwp-cp95 (CVE-2024-22195) python3-Jinja2 in SLES 15.5 Ecosystem, noise from Syft

  #1988 commented on Mar 4, 2025 • 0 new comments

• RFC: Explicit reporting of negative matches

  #1426 commented on Mar 4, 2025 • 0 new comments

• Add published field in output

  #2489 commented on Mar 5, 2025 • 0 new comments

• Main Component Version gets lost from CycloneDX when throwing Grype at it

  #2418 commented on Mar 5, 2025 • 0 new comments

• Support for Fedora CoreOS 36 -> OKD/OpenShift

  #1865 commented on Mar 6, 2025 • 0 new comments

• Support using VEX documents with directory scans and SBOMs

  #2471 commented on Mar 6, 2025 • 0 new comments

• CVE-2024-53104 (Redhat 9.4)

  #2446 commented on Mar 7, 2025 • 0 new comments

• VEX Autodiscovery!

  #1619 commented on Mar 4, 2025 • 0 new comments

• Add support for the Mageia distro

  #2449 commented on Mar 6, 2025 • 0 new comments