Name: grype
Distribution: openSUSE Tumbleweed
Version: 0.101.1
Vendor: openSUSE
Release: 1.1
Build date: Fri Oct 17 07:49:23 2025
Group: Unspecified
Build host: reproducible
Size: 86191511
Source RPM: grype-0.101.1-1.1.src.rpm
Packager: http://bugs.opensuse.org
Url: https://github.com/anchore/grype
Summary: A vulnerability scanner for container images and filesystems
A vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Works with Syft, the powerful SBOM (software bill of materials) tool for container images and filesystems.
License: Apache-2.0
* Fri Oct 17 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de> - Update to version 0.101.1: * Bug Fixes - Panic error scanning images with v0.101.0 on some java dependencies [#3002] * Dependencies - chore(deps): update anchore dependencies (#3005) - chore(deps): update tools to latest versions (#3003) * Fri Oct 17 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de> - Update to version 0.101.0: * Added Features - Add cyclonedx to RpmMetadata [#2935 @sfc-gh-rmaj] - grype db search can filter by fixed state [#2968 @willmurphyscode] - Support using VEX documents with directory scans and SBOMs [#2471 #2811 @alegrey91] * Bug Fixes - Issue installing Grype using documented curl command [#2985] - Advisory ID blank in JSON output [#2965] * Additional Changes - update flags with v3 to not use default config [#3000 @spiffcs] - fix Cosign documentation URL in installer [#2995 @lime] - set advisory id again [#2979 @willmurphyscode] - add db schema validation [#2962 @willmurphyscode] * Dependencies - chore(deps): bump actions/cache from 4.2.4 to 4.3.0 (#2957) - chore(deps): bump actions/cache in /.github/actions/bootstrap (#2958) - chore(deps): bump anchore/sbom-action from 0.20.5 to 0.20.6 (#2947) - chore(deps): bump docker/login-action from 3.5.0 to 3.6.0 (#2961) - chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.2 to 0.9.3 (#2971) - chore(deps): bump github.com/charmbracelet/bubbletea (#2952) - chore(deps): bump github.com/docker/docker (#2974) - chore(deps): bump github.com/docker/docker (#2982) - chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.14 to 0.5.15 (#2950) - chore(deps): bump github.com/gohugoio/hashstructure from 0.5.0 to 0.6.0 (#2989) - chore(deps): bump github.com/hashicorp/go-getter from 1.8.0 to 1.8.1 (#2951) - chore(deps): bump github.com/hashicorp/go-getter from 1.8.1 to 1.8.2 (#2975) - chore(deps): bump github.com/olekukonko/tablewriter from 1.0.9 to 1.1.0 (#2954) - chore(deps): bump github.com/openvex/go-vex from 0.2.6 to 
0.2.7 (#2946) - chore(deps): bump github/codeql-action from 3.30.3 to 3.30.4 (#2959) - chore(deps): bump github/codeql-action from 3.30.4 to 3.30.5 (#2963) - chore(deps): bump github/codeql-action from 3.30.5 to 3.30.6 (#2972) - chore(deps): bump github/codeql-action from 3.30.6 to 4.30.7 (#2984) - chore(deps): bump github/codeql-action from 4.30.7 to 4.30.8 (#2994) - chore(deps): bump golang.org/x/time from 0.13.0 to 0.14.0 (#2983) - chore(deps): bump golang.org/x/tools from 0.37.0 to 0.38.0 (#2990) - chore(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 (#2970) - chore(deps): update anchore dependencies (#2996) - chore(deps): update tools to latest versions (#2945) - chore(deps): update tools to latest versions (#2949) - chore(deps): update tools to latest versions (#2953) - chore(deps): update tools to latest versions (#2956) - chore(deps): update tools to latest versions (#2966) - chore(deps): update tools to latest versions (#2981) * Thu Sep 18 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de> - Update to version 0.100.0: * Added Features - Add unaffected package and CPE stores [#2888 @wagoodman] - use unaffected match table to remove appropriate vulns [#2886 @CrosleyZack] * Dependencies - chore(deps): update anchore dependencies (#2944) - chore(deps): bump golang.org/x/tools from 0.36.0 to 0.37.0 (#2938) - chore(deps): update tools to latest versions (#2940) - chore(deps): bump gorm.io/gorm from 1.30.5 to 1.31.0 (#2936) - chore(deps): bump 8398a7/action-slack from 3.18.0 to 3.19.0 (#2941) - chore(deps): bump zizmorcore/zizmor-action from 0.1.2 to 0.2.0 (#2942) - chore(deps): bump sigstore/cosign-installer from 3.9.2 to 3.10.0 (#2943) - chore(deps): bump github.com/charmbracelet/bubbletea from 1.3.8 to 1.3.9 (#2937) - chore(deps): bump github.com/hashicorp/go-getter from 1.7.9 to 1.8.0 (#2923) - chore(deps): bump gorm.io/gorm from 1.30.3 to 1.30.5 (#2925) - chore(deps): bump github.com/openvex/go-vex from 0.2.5 to 0.2.6 (#2922) - chore(deps): bump 
github.com/spf13/afero from 1.14.0 to 1.15.0 (#2928) - chore(deps): bump github.com/charmbracelet/bubbletea from 1.3.6 to 1.3.8 (#2929) - chore(deps): update tools to latest versions (#2931) - chore(deps): bump github/codeql-action from 3.30.1 to 3.30.3 (#2934) - chore(deps): bump golang.org/x/time from 0.12.0 to 0.13.0 (#2926) - chore(deps): bump github.com/docker/docker (#2911) - chore(deps): bump gorm.io/gorm from 1.30.2 to 1.30.3 (#2913) - chore(deps): bump actions/github-script from 7 to 8 (#2914) - chore(deps): bump actions/setup-python in /.github/actions/bootstrap (#2915) - chore(deps): bump actions/setup-go in /.github/actions/bootstrap (#2916) - chore(deps): bump github/codeql-action from 3.30.0 to 3.30.1 (#2920) - chore(deps): update tools to latest versions (#2909) - chore(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (#2907) - chore(deps): bump github.com/ulikunitz/xz from 0.5.13 to 0.5.15 (#2903) - chore(deps): bump github/codeql-action from 3.29.11 to 3.30.0 (#2908) * Tue Sep 02 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de> - Update to version 0.99.1: * Bug Fixes - Present fix available version in grype JSON output [#2905 @wagoodman] - detect patch numbers in fuzzy version comparison [#2844 @willmurphyscode] - Make timestamp in output configurable (so that results are more reproducible) [#522 #2724 @gabetrau] - Grype .98 misidentifies the container package version [#2884] * Dependencies - chore(deps): bump github.com/stretchr/testify from 1.11.0 to 1.11.1 (#2898) - chore(deps): bump gorm.io/gorm from 1.30.1 to 1.30.2 (#2899) - chore(deps): bump github.com/gookit/color from 1.5.4 to 1.6.0 (#2900) * Thu Aug 28 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de> - Update to version 0.99.0: * Added Features - Add fix availability information to DB schema [#2862 @wagoodman] - Add support vulnerability matching for raspbian [#2893 @westonsteimel] - Add Vex CSAF support [#1826 @juan131] * Bug Fixes - include channel in grype db search 
output [#2873 @willmurphyscode] - add UnmarshalJSON to fix availability blob [#2889 @willmurphyscode] - Grype misdetect Grafana version [#2783] * Breaking Changes - CSAF support [#1826 @juan131] * Dependencies - chore(deps): update anchore dependencies (#2896) - chore(deps): update anchore dependencies (#2895) - chore(deps): bump github.com/gabriel-vasile/mimetype (#2891) - chore(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.0 (#2892) - chore(deps): update tools to latest versions (#2887) - chore(deps): bump github/codeql-action from 3.29.10 to 3.29.11 (#2885) - chore(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.13 (#2882) - chore(deps): bump github/codeql-action from 3.29.9 to 3.29.10 (#2879) - chore(deps): bump github.com/hashicorp/go-getter from 1.7.8 to 1.7.9 (#2875) - chore(deps): bump anchore/sbom-action from 0.20.4 to 0.20.5 (#2872) - chore(deps): update tools to latest versions (#2870) - chore(deps): bump github.com/anchore/syft from 1.30.0 to 1.31.0 (#2868) - chore(deps): bump zizmorcore/zizmor-action from 0.1.1 to 0.1.2 (#2869) * Tue Aug 19 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de> - Update to version 0.98.0: * chore(deps): update Syft to v1.31.0 (#2867) * chore(deps): bump github/codeql-action from 3.29.8 to 3.29.9 (#2865) * chore(deps): bump actions/checkout from 4.2.2 to 5.0.0 (#2864) * feat(debian): move debian 13 (trixie) to released and debian 14 (forky) to testing/sid/unstable (#2861) * Sun Aug 10 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de> - Update to version 0.97.2: * Added Features - new syft version adds binary classifier for hashicorp vault [#4121 @willmurphyscode] * Bug Fixes - fix: update syft's nondeterministic Java archive purl and improve groupID for better matching [#3521 #4118 @kzantow] * Dependencies - chore(deps): update anchore dependencies (#2860) - chore(deps): bump docker/login-action from 3.4.0 to 3.5.0 (#2848) - chore(deps): bump actions/cache in /.github/actions/bootstrap (#2854) 
- chore(deps): bump github/codeql-action from 3.29.6 to 3.29.8 (#2857) - chore(deps): bump golang.org/x/tools from 0.35.0 to 0.36.0 (#2859) - chore(deps): bump actions/cache from 4.2.3 to 4.2.4 (#2855) - chore(deps): bump github/codeql-action from 3.29.5 to 3.29.6 (#2856) - chore(deps): update tools to latest versions (#2839) * Sun Aug 03 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de> - Update to version 0.97.1: * Bug Fixes - Multiple EUS advisories where only some are fixed result in unexpected vulnerabilities [#2840 #2841 @kzantow] * Fri Aug 01 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de> - Update to version 0.97.0: * Added Features - Add support for RHEL EUS [#2446 #2787 @wagoodman] * Bug Fixes - Error scanning snap "unsupported source: source.SnapMetadata" [#2819 #2821 @kzantow] * Additional Changes - add channel to os / distro [#2782 @wagoodman] * Dependencies - chore(deps): update anchore dependencies (#2835) - chore(deps): bump github/codeql-action from 3.29.4 to 3.29.5 (#2837) - chore(deps): bump github.com/docker/docker (#2831) - chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.13 to 0.5.14 (#2832) - chore(deps): bump github.com/olekukonko/tablewriter from 1.0.8 to 1.0.9 (#2829) - chore(deps): update tools to latest versions (#2826) - chore(deps): update tools to latest versions (#2824) - chore(deps): bump gorm.io/gorm from 1.30.0 to 1.30.1 (#2825) - chore(deps): bump github/codeql-action from 3.29.3 to 3.29.4 (#2823) - chore(deps): update tools to latest versions (#2817) - chore(deps): bump anchore/sbom-action from 0.20.2 to 0.20.4 (#2820) * Thu Jul 24 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de> - Update to version 0.96.1: * chore(deps): update anchore dependencies (#2815) * chore: revert credentials persistence for release (#2816) * chore(deps): bump github/codeql-action from 3.29.2 to 3.29.3 (#2814) * chore(deps): update tools to latest versions (#2806) * chore(deps): bump sigstore/cosign-installer from 3.9.1 to 
3.9.2 (#2808) * create ignore regexs conditionally (#2805) * chore: lint gh actions (#2804) * chore(deps): update tools to latest versions (#2801) * Wed Jul 16 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de> - Update to version 0.96.0: * Added Features - Added the EPSS score and KEV indications as CycloneDX vulnerabilities.ratings entries [#2695 #2765 @AlinaPodoba] * Bug Fixes - The go run and go install broken due to useless redirect directive in go.mod [#2777 #2780 @stefanb] - EPSS implementation using percentile instead of percent probability [#2778 #2785 @wagoodman] - Latest version of grype with V6 schema lists incorrect URL for v6 database [#2513] * Additional Changes - Add more detail around cataloging and DB load log statements [#2779 @wagoodman] - add version set and combined constraint [#2763 @wagoodman] - add v6 OS store [#2766 @wagoodman] * Dependencies - chore(deps): update tools to latest versions (#2792) - chore(deps): bump golang.org/x/tools from 0.34.0 to 0.35.0 (#2799) - chore(deps): bump github.com/docker/docker (#2795) - chore(deps): bump github.com/charmbracelet/bubbletea from 1.3.5 to 1.3.6 (#2790) - chore(deps): bump github.com/olekukonko/tablewriter from 1.0.7 to 1.0.8 (#2781) - chore(deps): bump github.com/docker/docker (#2775) - chore(deps): bump anchore/sbom-action from 0.20.1 to 0.20.2 (#2776) * Thu Jul 03 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de> - Update to version 0.95.0: * Added Features - Add string severity to db search json results [#2730 @wagoodman] - Add package specifier overrides for kb, dpkg, and apkg [#2742 @westonsteimel] * Bug Fixes - show related NVD records for non-NVD matches [#2755 @kzantow] - assume that a vulnerability with no ranges is always vulnerable [#2759 @wagoodman] - DB should hydrate for when the client has new features [#2758 @wagoodman] - show relationship back to NVD for all CVE ids [#2756 @westonsteimel] - properly escape CPE segments [#2731 @kzantow] - msrc matcher should search by 
package ecosystem, not by distro [#2748 @westonsteimel] - Grype does not report any vulnerabilities for CPEs with target_sw field set to value that does not correspond to known package type [#2768 #2772 @willmurphyscode] - malformed CPE in grype db search output [#2767 #2769 @westonsteimel] - vex documents from the --vex flag do get processed or applied to the output correctly [#1836 #2741 @willmurphyscode] * Additional Changes - replace deprecated GoReleaser configurations [#2729 @emmanuel-ferdman] - specify types for all match details [#2762 @wagoodman] - Refactor the version package [#2735 @wagoodman] * Dependencies - chore(deps): update anchore dependencies (#2773) - chore(deps): update anchore dependencies (#2771) - chore(deps): update tools to latest versions (#2751) - chore(deps): bump github/codeql-action from 3.29.1 to 3.29.2 (#2760) - chore(deps): bump github/codeql-action from 3.29.0 to 3.29.1 (#2757) - chore(deps): bump github.com/docker/docker (#2753) - chore(deps): bump sigstore/cosign-installer from 3.8.2 to 3.9.1 (#2749) - chore(deps): bump anchore/sbom-action from 0.20.0 to 0.20.1 (#2732) - chore(deps): bump github.com/google/go-containerregistry (#2733) - chore(deps): bump github.com/go-viper/mapstructure/v2 (#2734) - chore(deps): update tools to latest versions (#2736) - chore(deps): bump github/codeql-action from 3.28.19 to 3.29.0 (#2727) * Fri Jun 13 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de> - Update to version 0.94.0: * Added Features - Add echo os to grype [#2647 @orizerah] * Bug Fixes - Nonroot can't load local docker image with docker socket bind [#2721 #2723 @kzantow] - "Harden Container Runtime with Non-Root User" breaks --output usage [#2720 #2723 @kzantow] * Dependencies - chore(deps): update anchore dependencies (#2726) - chore(deps): update tools to latest versions (#2722) * Wed Jun 11 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de> - Update to version 0.93.0: * Added Features - Add support for MinimOS [#2627 
@Daniel-Wachter] - Use the upstream Bitmani vulndb data for matching [#1609 [#2538] @juan131] - Support rubygems specific version comparision [#2646 #2712 @willmurphyscode] * Bug Fixes - Harden Container Runtime with Non-Root User [#2716 @wagoodman] - valid cpes in db search output [#2706 @westonsteimel] - Always show results with json output for db search commands [#2692 @wagoodman] - False positive: CVE-2025-5702 reported with High severity on glibc 2.34 (wrong severity and affected version) [#2718] * Dependencies - chore(deps): update anchore dependencies (#2719) - chore(deps): update tools to latest versions (#2717) - chore(deps): bump golang.org/x/tools from 0.33.0 to 0.34.0 (#2713) - chore(deps): bump github.com/sergi/go-diff (#2714) - chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.12 to 0.5.13 (#2708) - chore(deps): bump golang.org/x/time from 0.11.0 to 0.12.0 (#2709) - chore(deps): bump github/codeql-action from 3.28.18 to 3.28.19 (#2704) - chore(deps): update tools to latest versions (#2696) - chore(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 (#2703) - chore(deps): bump github.com/docker/docker (#2702) - chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.11 to 0.5.12 (#2693) - chore(deps): bump github.com/docker/docker (#2694) - chore(deps): update tools to latest versions (#2679) - chore(deps): bump github.com/google/go-containerregistry (#2681) - chore(deps): bump gorm.io/gorm from 1.26.1 to 1.30.0 (#2687) - chore(deps): bump github.com/anchore/syft from 1.26.0 to 1.26.1 (#2678) * Wed May 21 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de> - Update to version 0.92.2: * Bug Fixes - unpin dockerfile base images to prevent wget TLS errors [#2671 @spiffcs] - Parse java group ID and artifact ID from PURL when missing [#2675 @wagoodman] - Grype can't update DB in docker volume (regression) [#2517 [#2672] @willmurphyscode] * Additional Changes - Remove getDB() from the v6 DB reader [#2669 @wagoodman] * Dependencies - 
chore(deps): update anchore dependencies (#2676) - chore(deps): update tools to latest versions (#2673) * Sat May 17 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de> - Update to version 0.92.1: * Dependencies - chore(deps): update anchore dependencies (#2668) - chore(deps): bump anchore/sbom-action from 0.19.0 to 0.20.0 (#2664) - chore(deps): bump github/codeql-action from 3.28.17 to 3.28.18 (#2665) * Thu May 15 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de> - Update to version 0.92.0: https://github.com/anchore/grype/compare/v0.91.2...v0.92.0 * Added Features - improve html template [#2635 @OnceUponALoop] - Add EPSS metrics to grype results [#1973 #2587 @wagoodman] - Show indication of known exploited vulnerabilities (from CISA) [#1511 #2587 @wagoodman] * Bug Fixes - adjust namespace translation logic to be v5 compatible [#2634 @westonsteimel] - fall back to fuzzy constraint units [#2651 @willmurphyscode] - adjust version prefix check when excluding overlapping packages [#2653 @westonsteimel] - Dropping group from npm package names leads to false positives [#2554 #2645 @kzantow] - Potential regression in CVE detection from 0.87.0 (v5 schema) to 0.88.0 (v6 schema) for go-module detection [#2642] - Removal of temporary files not working on Windows [#2233 [#2657] @popey] - @jridgewell/gen-mapping incorrectly attributed GHSA-8rmg-jf7p-4p22 [#1886 #2645 @kzantow] - Vulnerability reported on @group/name dependency when actual vulnerability exists on name dependency [#1701 #2645 @kzantow] - Grype false negatives in versions v0.88.0 and later leading to missed critical vulnerabilities [#2628 #2645 @kzantow] - PHP pecl redis mixes with redis project itself and creates false positive cve [#1804] - False Positive: Openssl CVE-2022-2068, CVE-2022-1292, CVE-2021-3711 in SUSE Enterprise 15 SP5 [#1729] - Grype does not handle purl file input with packages from different distributions [#2630 #2639 @chovanecadam] - grype pkg:golang/k8s.io/ingress-nginx@v1.11.2 does 
not show cve [#2580 #2586 @goatwu1993] * Fri Apr 25 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de> - Update to version 0.91.2: * chore(deps): update anchore dependencies (#2622) * chore(deps): update tools to latest versions (#2619) * fix: only fallback to language if language is non-blank (#2621) * Fri Apr 25 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de> - Update to version 0.91.1: * Bug Fixes - Assume that empty versions should match on all possible versions [#2591 @wagoodman] - Fix severity field in db search vuln [#2589 @wagoodman] - Recover from panic within a matcher [#2590 @wagoodman] - Should only check maven central if pom info is missing [#2216 [#2547] @tdunlap607] - grype db search GHSA-mrrh-fwg8-r2c3 doesn't return results [#2530] - Grype stopped reporting vulnerabilities after upgrade [#2608 [#2610] @willmurphyscode] - Grype does not handle cache-dir containing ~ correctly [#2599 [#2600] @kzantow] - Grype should expand ~ in paths in config file [#2024 #2600 @kzantow] - False Positive: Multiple old CVEs in chromium 134.0.6998.117 for apk ecosystem [#2581] - Missing grype DB update from 20250411 [#2593] - Does not fill in the Level field of the SARIF result object [#2511 #2571 @bdovaz] * Additional Changes - add timing info to log output [#2597 @kzantow] - Replace os.ReadDir with afero.ReadDir for consistency [#2579 @joe-ton] * Dependencies - chore(deps): update anchore dependencies (#2616) - chore(deps): bump github/codeql-action from 3.28.15 to 3.28.16 (#2611) - chore(deps): bump sigstore/cosign-installer from 3.8.1 to 3.8.2 (#2612) - chore(deps): bump actions/setup-python in /.github/actions/bootstrap (#2614) - chore(deps): update tools to latest versions (#2613) - chore(deps): update tools to latest versions (#2609) - chore(deps): bump github.com/docker/docker (#2604) - chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.8 to 1.4.9 (#2605) - chore(deps): bump github.com/docker/docker (#2602) - chore(deps): update tools to 
latest versions (#2595) - chore(deps): bump github.com/anchore/stereoscope from 0.1.2 to 0.1.3 (#2598) - chore(deps): update tools to latest versions (#2583) - chore(deps): bump github/codeql-action from 3.28.13 to 3.28.15 (#2584) - chore(deps): bump golang.org/x/tools from 0.31.0 to 0.32.0 (#2585) - chore(deps): update tools to latest versions (#2561) * Tue Apr 01 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de> - Update to version 0.91.0: * Added Features - Add v5 namespace emulation to db search output [#2539 @wagoodman] - Add CVSS metrics in search JSON output [#2568 @wagoodman] - Exit with a different return code for a failed scan [#1922] * Bug Fixes - Use data driven approach when detecting Alpine:edge and Debian:sid [#2556 @wagoodman] - db list should render out full URLs for text format [#2553 @wagoodman] - grype db import fails since v0.88 and above [#2542 #2546 @kzantow] * Dependencies - chore(deps): update anchore dependencies (#2570) - chore(deps): bump actions/setup-python in /.github/actions/bootstrap (#2564) - chore(deps): bump actions/cache in /.github/actions/bootstrap (#2549) - chore(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 (#2551) - chore(deps): bump actions/cache from 4.2.2 to 4.2.3 (#2552) - chore(deps): bump github/codeql-action from 3.28.12 to 3.28.13 (#2562) - chore(deps): bump github.com/docker/docker (#2565) - chore(deps): bump 8398a7/action-slack from 3.16.2 to 3.18.0 (#2567) - chore(deps): update tools to latest versions (#2536) - chore(deps): bump github.com/containerd/containerd from 1.7.26 to 1.7.27 (#2535) - chore(deps): bump actions/setup-go in /.github/actions/bootstrap (#2543) - chore(deps): bump github/codeql-action from 3.28.11 to 3.28.12 (#2544) - chore(deps): bump actions/setup-go from 5.3.0 to 5.4.0 (#2545) * Tue Mar 18 2025 opensuse_buildservice@ojkastl.de - Update to version 0.90.0: * chore(deps): update anchore dependencies (#2533) * feat: specify distro without version (#2534) * import DB from URL 
(#2532) * Improve DB metadata regarding data provenance (#2529) * chore(deps): bump github/codeql-action from 3.28.10 to 3.28.11 (#2519) * chore(deps): bump github.com/charmbracelet/lipgloss from 1.0.0 to 1.1.0 (#2525) * chore(deps): update tools to latest versions (#2512) * chore(deps): bump docker/login-action from 3.3.0 to 3.4.0 (#2528) * Fri Mar 14 2025 opensuse_buildservice@ojkastl.de - Update to version 0.89.1: * fix: populate vulnerability.Metadata.DataSource with first reference URL (#2523) * fix(java): ensure fatal error from maven search bubbles up (#2518) * fix: exclude self from related vulnerability list (#2515) * Fri Mar 07 2025 opensuse_buildservice@ojkastl.de - Update to version 0.89.0: * chore(deps): bump github.com/muesli/termenv from 0.15.2 to 0.16.0 (#2509) * chore(deps): bump golang.org/x/tools from 0.30.0 to 0.31.0 (#2510) * fix regression to allow for reading listing from local FS (#2508) * chore(deps): bump golang.org/x/time from 0.10.0 to 0.11.0 (#2503) * chore(deps): update tools to latest versions (#2506) * Add suggested fixed version when there are multiple fixes available (#2271) * remove v6 development configuration (#2504) * Thu Mar 06 2025 opensuse_buildservice@ojkastl.de - Update to version 0.88.0: * Enumerate version ranges within a single match (don't duplicate) (#2502) * Fix CPE target software filtering + improve logging (#2494) * chore(deps): bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 (#2501) * test: update quality gate db to latest version (#2495) * chore(deps): update tools to latest versions (#2496) * ensure azurelinux ids get same version processing as mariner (#2499) * ensure azure linux has 0 minor version (#2498) * cover mariner and ubuntu namespace conversion (#2497) * Add KEV & EPSS to db search schema (#2481) * Refactor presenters to use static model over dynamic lookups (#2492) * feat: enable v6 database (#2439) * fix(java): error out on maven search rate limiting (#2460) * chore(deps): bump 
github.com/charmbracelet/bubbletea from 1.3.3 to 1.3.4 (#2484) * chore(deps): bump github.com/docker/docker (#2485) * chore(deps): bump actions/cache in /.github/actions/bootstrap (#2490) * chore(deps): bump actions/cache from 4.2.1 to 4.2.2 (#2491) * chore(deps): update tools to latest versions (#2487) * fix: golang 1.24 version handling (#2486) * chore: update syft to 1.20 (#2473) * chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 (#2477) * chore(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 (#2475) * chore(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 (#2478) * chore(deps): bump peter-evans/create-pull-request from 7.0.6 to 7.0.7 (#2479) * chore(deps): bump github/codeql-action from 3.28.9 to 3.28.10 (#2480) * Add EPSS models to the v6 DB (#2472) * fix: add explicit igore for problematic CVE-2023-45853 (#2474) * Add KEV information to v6 DB (#2464) * Add CPE provider (#2463) * chore(deps): bump actions/cache in /.github/actions/bootstrap (#2467) * chore(deps): bump actions/cache from 4.2.0 to 4.2.1 (#2469) * detect when DB rehydration is necessary (#2470) * chore(deps): bump sigstore/cosign-installer from 3.8.0 to 3.8.1 (#2468) * chore(deps): update tools to latest versions (#2465) * chore(deps): bump github.com/docker/docker (#2466) * chore(deps): update tools to latest versions (#2433) * chore: update rpm modularity to string pointer (#2458) * fix jenkins plugins (#2457) * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.10 to 0.5.11 (#2453) * chore(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 (#2454) * Additional ecosystem related v6 fixes (#2450) * chore(deps): bump golang.org/x/tools from 0.29.0 to 0.30.0 (#2437) * add language mapping to konwn pkg spec override (#2448) * chore(deps): bump github.com/charmbracelet/bubbletea from 1.3.2 to 1.3.3 (#2447) * feat: update to go 1.24.x (#2441) * Add more logging and fix search by CPE (#2444) * fix: only log matcher errors (#2442) * chore: update runners to 
ubuntu-24.04 (#2440) * fix: exclude unknown packages from CPE target software component filter logic (#2438) * chore(deps): bump github.com/charmbracelet/bubbletea from 1.3.0 to 1.3.2 (#2436) * More complete severity parsing for v6 DBs (#2431) * remove DB v3 and v4 schema code (#2435) * feat: v6 database support, updated matcher interfaces (#2311) * add optional ID to reference + advisory tag const (#2432) * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.9 to 0.5.10 (#2430) * chore(deps): bump github/codeql-action from 3.28.8 to 3.28.9 (#2429) * chore(deps): bump golang.org/x/time from 0.9.0 to 0.10.0 (#2424) * chore(deps): update tools to latest versions (#2425) * chore(deps): bump github.com/charmbracelet/bubbletea from 1.2.4 to 1.3.0 (#2426) * chore(deps): bump sigstore/cosign-installer from 3.7.0 to 3.8.0 (#2427) * test: update quality gate db to latest version (#2420) * chore(deps): update tools to latest versions (#2419) * docs(config): add GRYPE_CONFIG docs (#2380) * feat: output compact JSON by default with option for pretty format (#2406) * chore(deps): update tools to latest versions (#2417) * chore(deps): bump github/codeql-action from 3.28.7 to 3.28.8 (#2416) * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.8 to 0.5.9 (#2413) * docs: flip descriptions to correct documentation (#2414) * chore(deps): bump github/codeql-action from 3.28.6 to 3.28.7 (#2415) * chore(deps): bump github/codeql-action from 3.28.5 to 3.28.6 (#2410) * chore(deps): bump actions/setup-python in /.github/actions/bootstrap (#2411) * feat(external-sources): make maven rate limit configurable (#2397) * chore(deps): bump github/codeql-action from 3.28.4 to 3.28.5 (#2407) * chore(deps): bump github/codeql-action from 3.28.3 to 3.28.4 (#2405) * chore(deps): bump anchore/sbom-action from 0.17.9 to 0.18.0 (#2404) * Performance enhancements for DB v6 writes (#2394) * chore(deps): update tools to latest versions (#2395) * chore(deps): bump actions/setup-python in 
/.github/actions/bootstrap (#2398)
  * chore(deps): bump actions/cache in /.github/actions/bootstrap (#2400)
  * chore(deps): bump actions/setup-go in /.github/actions/bootstrap (#2399)
  * chore(deps): bump github/codeql-action from 3.28.2 to 3.28.3 (#2401)
  * chore(deps): bump github.com/docker/docker (#2402)
  * chore(deps): bump golang.org/x/time from 0.8.0 to 0.9.0 (#2403)
  * chore(ci): fix composite GitHub action path in dependabot config (#2396)
* Thu Jan 23 2025 opensuse_buildservice@ojkastl.de
- Update to version 0.87.0:
  * chore(deps): update anchore dependencies (#2388)
  * external-sources: throttle requests to maven central to avoid being rate limited for large sets of java dependencies (#2384)
  * chore(deps): bump github.com/aquasecurity/go-pep440-version (#2391)
  * chore(deps): bump github/codeql-action from 3.28.1 to 3.28.2 (#2390)
  * chore(deps): bump github.com/anchore/stereoscope from 0.0.12 to 0.0.13 (#2392)
  * chore(deps): update tools to latest versions (#2389)
  * chore(deps): bump github.com/invopop/jsonschema from 0.7.0 to 0.13.0 (#2378)
  * chore(deps): update tools to latest versions (#2381)
  * chore(deps): bump actions/setup-go from 5.2.0 to 5.3.0 (#2386)
  * remove db debug statements for v6 (#2387)
  * chore: disable v1 images in quality tests (#2385)
  * Add package spec alias + case insensitivity for v6 DBs (#2376)
  * chore(deps): bump github.com/google/go-containerregistry (#2377)
  * chore(deps): bump golang.org/x/tools from 0.23.0 to 0.29.0 (#2379)
  * fix: upstream match for linux-.*-headers-.* (#2320)
  * chore(deps): bump github.com/go-git/go-git/v5 from 5.12.0 to 5.13.0 (#2371)
  * chore(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0 (#2370)
  * chore(deps): bump github.com/anchore/stereoscope from 0.0.11 to 0.0.12 (#2369)
  * chore(deps): bump github.com/spf13/afero from 1.11.0 to 1.12.0 (#2368)
  * chore(deps): bump github.com/hashicorp/go-getter from 1.7.6 to 1.7.8 (#2374)
  * Enhance v6 search command (#2303)
  * chore(deps): bump github/codeql-action from 3.28.0 to 3.28.1 (#2372)
  * feat: add OpenVEX matching on local package name + tags (#2355)
  * use v6 vuln status enum (#2366)
  * Clean up config help text (#2347)
  * have aliases for non standard names (#2352)
  * chore(deps): update tools to latest versions (#2364)
  * chore(deps): update tools to latest versions (#2362)
  * chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.7 to 1.4.8 (#2363)
  * chore(deps): update tools to latest versions (#2361)
  * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.7 to 0.5.8 (#2353)
  * chore(deps): bump peter-evans/create-pull-request from 7.0.5 to 7.0.6 (#2354)
  * test: update quality gate db to latest version (#2358)
  * chore(deps): update tools to latest versions (#2359)
  * have aliases for non standard names (#2351)
  * finalize label version and add release id to OS model (#2349)
  * chore(deps): update tools to latest versions (#2346)
  * chore(deps): bump github/codeql-action from 3.27.9 to 3.28.0 (#2350)
  * do not warn if DB missing (#2341)
  * Allow v6 store to support multiple qualifiers (#2338)
  * chore(deps): bump github.com/docker/docker (#2339)
  * chore(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0 (#2340)
  * Drop DB v6 indexes on close (#2335)
  * chore(deps): bump anchore/sbom-action from 0.17.8 to 0.17.9 (#2334)
* Sat Dec 14 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.86.1:
  * chore(deps): update anchore dependencies (#2331)
  * chore(deps): bump github/codeql-action from 3.27.7 to 3.27.9 (#2330)
  * fix: do not panic on cdx/sairf output from PURL file (#2328)
  * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.1 to 0.9.2 (#2329)
  * chore: move v5-specific interfaces and implementations to the v5 package (#2322)
  * chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#2323)
  * docs: fix link to cosign documentation (#2321)
  * deduplicate vulns on store write (#2319)
  * chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#2317)
  * chore(deps): bump actions/setup-go from 5.1.0 to 5.2.0 (#2318)
  * add update anchore dependencies workflow (#2312)
  * chore: replace archiver with anchore fork (#2313)
  * chore(deps): bump github.com/docker/docker (#2310)
  * chore(deps): bump github/codeql-action from 3.27.6 to 3.27.7 (#2309)
* Tue Dec 10 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.86.0:
  * chore(deps): update anchore dependencies (#2308)
  * chore(deps): update tools to latest versions (#2307)
  * chore(deps): update tools to latest versions (#2305)
  * chore(deps): bump actions/cache from 4.1.2 to 4.2.0 (#2306)
  * add initial os aliases to the DB after migration (#2301)
  * latest doc from reader should allow for empty (#2294)
  * Migrate searchable vulnerability data out of v6 blob (#2300)
  * fix: add PURLs in SARIF report (#2254)
  * ignore linux-aws-headers-.* as well like linux-headers-.* (#2295)
  * chore(deps): bump github/codeql-action from 3.27.5 to 3.27.6 (#2296)
  * chore(deps): update tools to latest versions (#2298)
  * chore: refactor v5-specific code out of core packages (#2299)
  * modify store to be one getter-per-noun (#2297)
  * Add ability to map CPEs directly to packages (v6 schema) (#2285)
  * Fix DB v6 curator directory creation (#2293)
  * test: update quality gate db to latest version (#2291)
  * chore(deps): update tools to latest versions (#2290)
  * add db v6 feature flag and wire to db commands (#2288)
  * Simplify v6 distribution material (#2277)
  * chore(deps): bump anchore/sbom-action from 0.17.7 to 0.17.8 (#2279)
  * chore(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#2284)
  * chore(deps): update tools to latest versions (#2280)
  * chore(deps): bump github.com/charmbracelet/bubbletea from 1.2.3 to 1.2.4 (#2283)
  * note supported grype versions (#2287)
  * remove support for v1 & v2 schemas (#2278)
  * allow distro search to be entirely data driven (#2265)
* Fri Nov 22 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.85.0:
  * dependencies: latest syft and stereoscope (#2275)
  * chore(deps): bump github/codeql-action from 3.27.4 to 3.27.5 (#2272)
  * chore(deps): bump github.com/charmbracelet/bubbletea from 1.2.2 to 1.2.3 (#2273)
  * chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.6 to 1.4.7 (#2274)
  * chore(deps): update tools to latest versions (#2269)
  * fix: bump clio to fix logging when no tty present (#2268)
  * chore(deps): bump github/codeql-action from 3.27.3 to 3.27.4 (#2260)
  * fix failing tests (#2261)
  * Add v6 DB curator (#2151)
  * Add affected CPE store (#2258)
  * chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.2 to 1.2.2 (#2256)
  * Add AffectedPackage store (#2245)
  * Add v6 vulnerability & blob stores (#2243)
  * chore(deps): bump anchore/sbom-action from 0.17.6 to 0.17.7 (#2238)
  * chore(deps): bump github.com/anchore/stereoscope (#2246)
  * chore(deps): bump github/codeql-action from 3.27.0 to 3.27.3 (#2257)
  * Add v6 distribution client (#2150)
  * restore log on ui teardown (#2248)
  * Merge indirect matches with direct matches (#2241)
  * doc: Add official Grype logo license information (#2244)
  * add v6 provider store (#2232)
* Tue Nov 12 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.84.0:
  * chore(deps): update Syft to v1.16.0 (#2237)
  * test: update quality gate db to latest version (#2231)
  * chore(deps): bump github.com/adrg/xdg from 0.5.2 to 0.5.3 (#2230)
  * chore(deps): bump github.com/charmbracelet/lipgloss from 0.13.1 to 1.0.0 (#2228)
  * fix and cleanup namespace search to account for missing info (#2226)
  * Remove gentoo integration test (#2227)
  * Improve purl input (#2223)
  * chore(deps): bump github.com/adrg/xdg from 0.5.1 to 0.5.2 (#2220)
  * chore(deps): bump anchore/sbom-action from 0.17.5 to 0.17.6 (#2221)
* Tue Oct 29 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.83.0:
  * bump syft to v1.15.0, sterescope to v0.0.5 (#2219)
  * Add `grype db providers` command (#2174)
  * chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.1 to 1.1.2 (#2214)
  * chore(deps): update tools to latest versions (#2213)
  * docs: update config section to be valid, reference config subcommand (#2218)
  * chore(deps): bump github.com/charmbracelet/lipgloss (#2207)
  * chore(deps): bump github/codeql-action from 3.26.13 to 3.27.0 (#2208)
  * chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#2209)
  * chore(deps): bump actions/setup-go from 5.0.2 to 5.1.0 (#2211)
  * feat: multi-level configuration and profiles (#2194)
  * chore(deps): bump actions/cache from 4.1.1 to 4.1.2 (#2204)
  * chore(deps): bump anchore/sbom-action from 0.17.4 to 0.17.5 (#2205)
* Tue Oct 22 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.82.2:
  * Update to Syft v1.14.2 (#2203)
  * Updated README.md with correct spellings & phrase. (#2201)
  * chore(deps): bump github.com/adrg/xdg from 0.5.0 to 0.5.1 (#2198)
  * chore(deps): update tools to latest versions (#2196)
  * fix: azurelinux considered as comprehensive distro (#2197)
  * chore(deps): bump anchore/sbom-action from 0.17.3 to 0.17.4 (#2193)
* Tue Oct 15 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.82.1:
  * chore(deps): update Syft to v1.14.1 (#2191)
  * dependency: bump syft to main pre-release (#2189)
  * chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13 (#2183)
  * Skip matching on packages with missing version info (#2182)
  * chore(deps): bump anchore/sbom-action from 0.17.2 to 0.17.3 (#2184)
  * chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.5 to 1.4.6 (#2185)
  * Account for implicit 0s in rpm release versions (#2188)
  * chore: bump syft in quality gate to v1.14.0 (#2187)
  * use epoch from metadata when missing from version string (#2186)
  * fix: exclude binary packages from CPE target software component filter logic (#2179)
  * add release docs (#2177)
  * chore(deps): bump actions/upload-artifact from 4.4.2 to 4.4.3 (#2176)
  * chore(deps): bump actions/upload-artifact from 4.4.1 to 4.4.2 (#2173)
  * chore(deps): bump actions/cache from 4.0.2 to 4.1.1 (#2172)
  * [chore] Add mastodon link to README.md (#2166)
  * chore(deps): bump actions/upload-artifact from 4.4.0 to 4.4.1 (#2167)
  * chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#2168)
  * chore(deps): bump github/codeql-action from 3.26.11 to 3.26.12 (#2169)
* Wed Oct 09 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.82.0:
  * chore(deps): update Syft to v1.14.0 (#2164)
  * fix: use fix info from secDB in APK matcher even if NVD fix info present (#2162)
  * chore(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0 (#2159)
  * chore(deps): bump github/codeql-action from 3.26.10 to 3.26.11 (#2160)
  * chore(deps): update tools to latest versions (#2157)
  * Add v6 DB metadata store (#2146)
  * feat: remove `wordpress` from `known` targets due to wordpress cataloger support syft/#1553
  * Add a space following the "Name:" label (#2155)
  * chore(deps): update tools to latest versions (#2154)
  * test: update quality gate db to latest version (#2153)
  * explicitly skip update ts on check failure (#2152)
  * port over tar/xz decompressors (#2139)
  * chore(deps): bump github/codeql-action from 3.26.9 to 3.26.10 (#2149)
  * chore(deps): bump github.com/docker/docker (#2147)
  * implement a low pass filter for update checks (#2148)
  * migrate legacy distribution concerns (#2144)
  * chore(deps): bump github/codeql-action from 3.26.8 to 3.26.9 (#2142)
  * chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#2145)
* Thu Sep 26 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.81.0:
  * add awaiting response management (#2141)
  * feat: add distro mapping for azure linux 3 (#1848)
* Tue Sep 24 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.80.2:
  * chore(deps): update Syft to v1.13.0 (#2140)
  * Correctly match JVM version ranges (#2114)
  * chore: switch to yardstick validate from custom gate.py (#2090)
  * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.0 to 0.9.1 (#2118)
  * chore(deps): update tools to latest versions (#2123)
  * chore(deps): bump github/codeql-action from 3.26.7 to 3.26.8 (#2135)
  * chore(deps): bump peter-evans/create-pull-request from 7.0.2 to 7.0.5 (#2136)
  * test: fix slice init length (#2133)
  * fix: hash vuln db only once on load (#2054)
  * chore: include file specifier in help (#2121)
  * docs: add mention of file scheme (#2120)
  * fix(apk): find secdb entries for origin packages (#1602)
  * chore(deps): update tools to latest versions (#2115)
  * chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7 (#2113)
  * chore(deps): update tools to latest versions (#2102)
  * chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.0 to 1.1.1 (#2109)
  * chore(deps): bump peter-evans/create-pull-request from 7.0.1 to 7.0.2 (#2111)
* Thu Sep 12 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.80.1:
  * chore(deps): bump github.com/anchore/syft from 1.11.1 to 1.12.2 (#2108)
  * fix: Update gitmodule url (#2106)
  * chore(deps): bump gorm.io/gorm from 1.25.11 to 1.25.12 (#2103)
  * chore(deps): bump github.com/dave/jennifer from 1.7.0 to 1.7.1 (#2105)
  * chore(deps): bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#2098)
  * chore(deps): bump peter-evans/create-pull-request from 7.0.0 to 7.0.1 (#2099)
  * chore(deps): bump github.com/anchore/stereoscope (#2074)
  * chore(deps): bump github.com/docker/docker (#2086)
  * chore(deps): bump github/codeql-action from 3.26.4 to 3.26.6 (#2089)
  * chore(sec): update Golang and runc to latest releases (#2091) CVE-2024-3154
  * chore(deps): bump github.com/charmbracelet/bubbletea (#2092)
  * chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.3 to 3.3.0 (#2093)
  * test: update quality gate db to latest version (#2094)
  * chore(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0 (#2096)
  * chore(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.0 (#2097)
  * chore(deps): update tools to latest versions (#2082)
  * docs(templates): escape description in junit.tmpl (#2088)
  * chore(deps): update tools to latest versions (#2080)
  * chore(deps): bump github/codeql-action from 3.26.3 to 3.26.4 (#2078)
  * chore(deps): bump anchore/sbom-action from 0.17.1 to 0.17.2 (#2079)
  * chore(deps): update tools to latest versions (#2072)
  * chore(deps): bump github.com/charmbracelet/lipgloss (#2073)
  * chore: bump quality gate vuln match labels data (#2069)
* Wed Aug 21 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.80.0:
  * chore(deps): bump github/codeql-action from 3.26.2 to 3.26.3 (#2070)
  * chore(deps): update Syft to v1.11.1 (#2071)
  * chore: add grype version to db network operations (#2062)
  * fix: do not panic when given empty string arg (#2064)
  * chore(deps): bump github.com/charmbracelet/bubbletea (#2067)
  * fix: correctly close the db file in v4/v5 stores (#2066)
  * Add "Alpine Linux" to IDMapping; handle no CPEs error in findApkPackage. (#2040)
  * chore(deps): update tools to latest versions (#2055)
  * chore(deps): bump github.com/docker/docker (#2052)
  * fix: fail when grype cant check for db update (#1247)
  * chore(deps): bump anchore/sbom-action from 0.17.0 to 0.17.1 (#2053)
  * chore(deps): bump github.com/hashicorp/go-getter from 1.7.5 to 1.7.6 (#2056)
  * chore(deps): bump github/codeql-action from 3.26.0 to 3.26.2 (#2060)
  * feat: add db search subcommand (#2031)
* Mon Aug 12 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.79.6:
  * do not fail when inflating DB records (#2049)
  * chore: remove quality gate Makefile db age check (#2036)
  * doc: Updates for the Slack to Discourse migration (#2046)
* Mon Aug 12 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.79.5:
  * feat: update to Syft 1.11.0 (#2047)
  * fix: higher default timeout for database download (#2033)
  * chore(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0 (#2045)
  * chore(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 (#2035)
  * chore(deps): update tools to latest versions (#2038)
  * chore(deps): bump github.com/google/go-containerregistry (#2043)
  * chore(deps): bump github/codeql-action from 3.25.15 to 3.26.0 (#2044)
  * test: update quality gate db to latest version (#2034)
  * chore(deps): update tools to latest versions (#2027)
  * chore(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5 (#2028)
  * chore: add grype version to application update check headers (#2021)
  * test: update quality gate db to latest version (#2026)
  * chore: use the .tool/gh for release script (#2022)
* Thu Aug 01 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.79.4:
  * chore(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 (#2016)
  * chore(deps): update Syft to v1.10.0 (#2019)
  * chore(deps): bump github/codeql-action from 3.25.14 to 3.25.15 (#2011)
  * chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.4 to 1.4.5 (#2012)
  * chore(deps): update tools to latest versions (#2015)
  * chore(deps): bump github/codeql-action from 3.25.13 to 3.25.14 (#2010)
  * disable ui before run function on db status (#2008)
  * chore(deps): bump github.com/docker/docker (#2007)
  * chore(deps): update tools to latest versions (#2003)
  * chore(deps): bump github.com/docker/docker (#2000)
  * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.4 to 0.5.5 (#2001)
  * chore(deps): bump docker/login-action from 3.2.0 to 3.3.0 (#2002)
  * chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13 (#1999)
  * chore: request artifact in issue template (#1996)
  * chore(deps): update tools to latest versions (#1998)
  * docs: CODE_OF_CONDUCT.md (#1994)
  * chore(deps): bump github.com/google/go-containerregistry (#1997)
  * chore(deps): bump anchore/sbom-action from 0.16.1 to 0.17.0 (#1992)
  * chore(deps): update tools to latest versions (#1989)
  * chore(deps): bump github/codeql-action from 3.25.11 to 3.25.12 (#1990)
  * chore(deps): bump github.com/charmbracelet/lipgloss (#1991)
* Tue Jul 16 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.79.3:
  * chore(deps): bump gorm.io/gorm from 1.25.10 to 1.25.11 (#1985)
  * chore(deps): bump anchore/sbom-action from 0.16.0 to 0.16.1 (#1981)
  * chore(deps): bump actions/setup-go from 5.0.1 to 5.0.2 (#1982)
  * chore(deps): update Syft to v1.9.0 (#1986)
  * fix: correct cpe target software comparison to syft language (#1658)
  * chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 (#1977)
  * docs: update readme with new default format (#1974)
* Wed Jul 03 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.79.2:
  * chore(deps): bump github/codeql-action from 3.25.10 to 3.25.11 (#1968)
  * chore(deps): update tools to latest versions (#1969)
  * test: update quality gate db to latest version (#1972)
  * chore: pin new sign installer to commit sha (#1966)
  * chore(deps): bump github.com/charmbracelet/bubbletea (#1963)
  * chore(deps): update tools to latest versions (#1962)
  * chore: add workflow to update quality test db (#1961)
  * chore(deps): bump github.com/anchore/syft from 1.7.0 to 1.8.0 (#1957)
  * chore(deps): bump github.com/go-test/deep from 1.1.0 to 1.1.1 (#1958)
  * chore(deps): bump github.com/hashicorp/go-getter from 1.7.4 to 1.7.5 (#1959)
  * chore: update test_db_url; remove white space (#1960)
  * chore(deps): bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#1954)
  * chore(deps): bump github.com/charmbracelet/bubbletea (#1955)
  * chore: enable dependabot to keep boostrap action updated (#1953)
  * fix: use location RealPath not String() (#1950)
* Tue Jun 18 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.79.1:
  * chore: update CI to install golang at latest version (#1949)
  * chore(deps): bump github.com/google/go-containerregistry (#1948)
  * chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#1947)
* Sat Jun 15 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.79.0:
  * chore: Update syft v1.7.0 (#1945)
  * chore(deps): bump github/codeql-action from 3.25.8 to 3.25.10 (#1940)
  * chore(deps): update tools to latest versions (#1943)
  * fix match sort ordering for different locations (#1944)
  * chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 (#1941)
  * Updating maven URLs in README.md (#1934)
  * sort order for matches should consider fix info (#1933)
  * chore(deps): update tools to latest versions (#1925)
  * chore(deps): update tools to latest versions (#1921)
  * chore(deps): update tools to latest versions (#1919)
  * chore(deps): bump actions/checkout from 4.1.1 to 4.1.6 (#1920)
  * feat(signature): Checksum signature verification (#1670)
  * add skopeo to managed utilities (#1915)
  * chore(deps): bump github/codeql-action from 3.25.7 to 3.25.8 (#1909)
  * chore(deps): bump github.com/docker/docker (#1916)
  * remove dco workflow (#1914)
  * use dco tool during gh app outage (#1910)
  * chore(deps): bump github/codeql-action from 3.25.6 to 3.25.7 (#1901)
  * chore(deps): bump github.com/charmbracelet/bubbletea (#1902)
  * fix: add note about TMPDIR env var (#1880)
  * fix: uppercased package in json (#1900)
  * fix: main mod pseudo version default off (#1894)
  * chore(deps): update tools to latest versions (#1898)
* Thu May 30 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.78.0:
  * update syft to v1.5.0 (#1897)
  * chore(deps): bump docker/login-action from 3.1.0 to 3.2.0 (#1896)
  * Update syft to 1.4.2-0.20240528141306-ac34808b9c55 (#1895)
  * chore(deps): bump github.com/charmbracelet/lipgloss (#1888)
  * chore(deps): bump github.com/hashicorp/go-version from 1.6.0 to 1.7.0 (#1887)
  * chore(deps): update tools to latest versions (#1891)
  * chore(deps): bump github.com/charmbracelet/bubbletea (#1890)
  * chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.3 to 1.4.4 (#1889)
  * chore(deps): update tools to latest versions (#1883)
  * feat: add config command (#1876)
  * disable TUI for simpler commands (#1872)
  * chore(deps): bump github.com/docker/docker (#1867)
  * chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 (#1868)
  * chore(deps): update tools to latest versions (#1864)
  * chore(deps): bump github/codeql-action from 2.13.4 to 3.25.6 (#1870)
  * chore(deps): bump anchore/sbom-action from 0.15.11 to 0.16.0 (#1871)
  * chore(deps): update tools to latest versions (#1862)
  * chore: add top level permissions to new workflow (#1860)
  * chore(deps): update tools to latest versions (#1856)
  * chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 (#1858)
  * chore(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 (#1859)
  * fix: ask catalog for package rather than type asserting (#1857)
* Sun May 12 2024 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- add completion subpackages
- fix version output
* Fri May 10 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.77.4:
  * Upgrade tool management (#1842)
  * chore(deps): update Syft to v1.4.0 (#1855)
  * chore(deps): update bootstrap tools to latest versions (#1852)
  * chore(deps): bump github.com/charmbracelet/bubbletea (#1853)
  * chore(deps): bump github.com/docker/docker (#1854)
  * chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 (#1847)
* Wed May 08 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.77.3:
  * Revert "feat: modify metadata structure for providers' pull date (#1795)" (#1846)
  * chore(deps): bump github.com/charmbracelet/bubbletea (#1844)
  * chore(deps): update bootstrap tools to latest versions (#1845)
  * chore(deps): bump actions/setup-go from 5.0.0 to 5.0.1 (#1840)
  * chore(deps): bump github.com/charmbracelet/bubbletea (#1841)
  * chore(deps): bump github.com/docker/docker (#1839)
* Thu May 02 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.77.2:
  * fix: update ignored vulnerability count in tui (#1837)
  * fix: update sarif to pass microsoft validator (#1838)
  * chore(deps): bump anchore/sbom-action from 0.15.10 to 0.15.11 (#1835)
* Fri Apr 26 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.77.1:
  * chore(deps): bump gorm.io/gorm from 1.25.9 to 1.25.10 (#1831)
  * chore(deps): update Syft to v1.3.0 (#1832)
  * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.3 to 0.5.4 (#1824)
  * chore(deps): bump actions/checkout from 4.1.3 to 4.1.4 (#1823)
  * chore(deps): bump github.com/anchore/stereoscope (#1825)
  * chore(deps): bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#1828)
  * fix: update grype version to support darwin arm64 (#1830)
  * chore(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 (#1820)
  * docs: update README with newer data sources (#1819)
  * chore(deps): bump github.com/docker/docker (#1821)
  * Add some more examples for the `config.yaml` file in the README. (#1811)
  * chore(deps): bump github.com/docker/docker (#1817)
  * chore(deps): bump actions/checkout from 4.1.2 to 4.1.3 (#1818)
* Fri Apr 19 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.77.0:
  * config: add config opt in golang pseudo version main module comparison (#1816)
  * chore(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 (#1814)
  * feat: modify metadata structure for providers' pull date (#1795)
  * fix: add linux and libc-dev headers ignore rules for debian packages (#1809)
  * chore(deps): bump peter-evans/create-pull-request from 6.0.3 to 6.0.4 (#1808)
  * feat: add html template (#1806)
  * fix: use Go main module version (#1797)
* Tue Apr 16 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.76.0:
  * fix: adds ignore rules for kernel-headers indirect matches (#1787)
  * chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#1805)
  * chore: fix function name in comment (#1798)
  * chore(deps): bump peter-evans/create-pull-request from 6.0.2 to 6.0.3 (#1802)
  * chore(deps): update Syft to v1.2.0 (#1803)
  * chore(deps): bump github.com/docker/docker (#1800)
  * chore(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 (#1801)
  * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.2 to 0.5.3 (#1791)
  * test: fuzzy version comparison for java versions (#1788)
  * chore: readme formats updated with sarif option (#1786)
* Thu Apr 04 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.75.0:
  * chore: update syft to latest v1.1.1 (#1784)
  * fix: enable http timeout (#1777)
  * chore(deps): update bootstrap tools to latest versions (#1781)
  * chore(deps): update bootstrap tools to latest versions (#1776)
  * chore(deps): bump gorm.io/gorm from 1.25.8 to 1.25.9 (#1775)
  * fix: make bootstrap-tools failed (#1739)
  * fix: use "path/filepath" to build file path (#1767)
  * update release token from readonly to write token (#1768)
  * chore(deps): bump anchore/sbom-action from 0.15.9 to 0.15.10 (#1771)
  * chore(deps): update Syft to v1.1.0 (#1769)
  * chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0 (#1750)
  * chore(deps): bump github.com/glebarez/sqlite from 1.10.0 to 1.11.0 (#1751)
  * chore(deps): bump fountainhead/action-wait-for-check from 1.1.0 to 1.2.0 (#1753)
  * chore(deps): bump gorm.io/gorm from 1.25.7 to 1.25.8 (#1756)
  * chore(deps): bump github.com/google/go-containerregistry (#1754)
  * chore(deps): update bootstrap tools to latest versions (#1758)
  * chore(deps): bump actions/cache from 4.0.1 to 4.0.2 (#1761)
  * updating credentials to scoped permissions (#1755)
  * dont warn on golang devel version (#1752)
  * chore(deps): bump docker/login-action from 3.0.0 to 3.1.0 (#1748)
  * chore(deps): bump peter-evans/create-pull-request from 6.0.1 to 6.0.2 (#1746)
  * chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 (#1747)
  * chore(code-comments): typo (#1745)
  * chore: slice loop replace (#1738)
  * chore(deps): update Syft to v1.0.1 (#1742)
  * chore(deps): bump github.com/anchore/syft from 1.0.0 to 1.0.1 (#1743)
  * chore(deps): bump github.com/docker/docker (#1744)
  * chore(deps): bump anchore/sbom-action from 0.15.8 to 0.15.9 (#1740)
  * chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.1 to 0.10.0 (#1741)
  * chore(deps): bump actions/cache from 4.0.0 to 4.0.1 (#1735)
  * chore(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#1736)
  * chore(deps): bump github.com/anchore/syft (#1734)
  * chore(deps): bump peter-evans/create-pull-request from 6.0.0 to 6.0.1 (#1733)
  * chore: update syft source providers (#1727)
* Sat Mar 16 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.74.7:
  * chore(deps): update Syft to v0.105.1 (#1728)
  * fix(install): return appropriate exit codes (#1725)
  * chore(test): update quality test grype db (#1726)
  * fix: improve sarif descriptive text and fingerprint (#1720)
  * chore: remove unused file internal/file/tar.go and its test (#1724)
  * Added instruction to install with choco (#1716)
  * chore(deps): update bootstrap tools to latest versions (#1719)
  * chore: remove unused file internal/logger/logrus.go (#1721)
* Thu Feb 15 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.74.6:
  * chore(deps): update Syft to v0.105.0 (#1714)
  * chore(deps): update bootstrap tools to latest versions (#1707)
  * test(quality): bump label dataset and images (#1712)
  * fix: only warn missing CPEs if CPEs wanted (#1710)
  * fix: ensure version output to stdout (#1709)
  * chore(deps): update bootstrap tools to latest versions (#1706)
* Thu Feb 08 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.74.5:
  * chore(deps): update Syft to v0.104.0 (#1704)
  * Bump Syft in Grype to pull in unmarshaling fix (#1703)
  * chore(deps): bump github.com/docker/docker (#1702)
  * chore(deps): bump gorm.io/gorm from 1.25.6 to 1.25.7 (#1700)
  * chore(deps): update bootstrap tools to latest versions (#1698)
  * chore(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 (#1699)
  * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.0 to 0.5.2 (#1697)
  * chore(deps): bump peter-evans/create-pull-request from 5.0.2 to 6.0.0 (#1687)
  * chore(deps): bump anchore/sbom-action from 0.15.6 to 0.15.8 (#1690)
  * chore(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (#1691)
  * chore(deps): bump github.com/docker/docker (#1692)
  * chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 (#1689)
* Thu Feb 01 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.74.4:
  * Security fixes:
    - Upgrade syft to v0.103.1 (#1688)
  * chore(deps): bump github.com/google/go-containerregistry (#1685)
  * chore(deps): bump anchore/sbom-action from 0.15.5 to 0.15.6 (#1684)
  * ensure releases only use released versions of syft (#1680)
  * chore(deps): bump gorm.io/gorm from 1.25.5 to 1.25.6 (#1683)
  * chore(deps): bump 8398a7/action-slack from 3.15.1 to 3.16.2 (#1682)
* Fri Jan 26 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.74.3:
  * chore(deps): update Syft to v0.102.0 (#1681)
  * Fix matching when RPM modularity is a factor (#1679)
  * chore: break assumption that syft cpe.CPE is wfn.Attributes (#1675)
  * chore(deps): bump github.com/docker/docker (#1677)
  * chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 (#1678)
  * chore(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 (#1676)
  * chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.12 to 0.5.0 (#1674)
  * fix: take VEX docs into account when --fail-on is set (#1657)
  * chore(deps): bump anchore/sbom-action from 0.15.4 to 0.15.5 (#1671)
* Sat Jan 20 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.74.2:
  * chore(deps): update Syft to v0.101.1 (#1669)
  * chore(deps): bump github.com/docker/docker (#1667)
  * chore(deps): bump anchore/sbom-action from 0.15.3 to 0.15.4 (#1666)
  * chore(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0 (#1668)
  * chore(deps): bump github.com/google/go-containerregistry (#1665)
  * chore: enable automatic approval of dependabot PRs (#1664)
* Thu Jan 18 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.74.1:
  * chore(deps): update Syft to v0.101.0 (#1663)
  * upgrade syft with latest SBOM creation API (#1662)
  * chore(deps): bump actions/cache from 3.3.3 to 4.0.0 (#1661)
  * chore(tests): fix logging configuration in tests (#1655)
  * chore(deps): bump actions/cache from 3.3.2 to 3.3.3 (#1656)
  * chore(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0 (#1659)
  * chore(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (#1651)
  * chore(deps): bump anchore/sbom-action from 0.15.2 to 0.15.3 (#1650)
* Sun Jan 07 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.74.0:
  * chore(deps): update Syft to v0.100.0 (#1649)
  * fix: distro FP data not applied correctly (#1603)
  * chore(deps): bump anchore/sbom-action from 0.15.1 to 0.15.2 (#1647)
  * chore(deps): update bootstrap tools to latest versions (#1644)
  * docs: fix logging configuration in README (#1646)
* Thu Dec 21 2023 opensuse_buildservice@ojkastl.de
- Update to version 0.73.5:
  * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 (#1633)
  * chore(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#1641)
  * chore(deps): bump github.com/containerd/containerd from 1.7.8 to 1.7.11 (#1642)
  * chore(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0 (#1638)
  * chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#1632)
  * chore(deps): bump github.com/charmbracelet/bubbletea (#1635)
  * chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 (#1636)
  * chore(deps): bump actions/setup-go from 4.1.0 to 5.0.0 (#1630)
  * chore(deps): bump anchore/sbom-action from 0.15.0 to 0.15.1 (#1626)
  * chore: pin action to correct sha (#1598)
  * chore(deps): bump github.com/google/go-containerregistry (#1625)
* Thu Nov 30 2023 kastl@b1-systems.de
- Update to version 0.73.4:
  * chore: bump to syft v0.98.0 in quality gate tests (#1623)
  * chore: update syft; go mod tidy (#1621)
  * chore(deps): bump github.com/spf13/afero from 1.10.0 to 1.11.0 (#1618)
  * chore: explicitly test maven suffixes (#1617)
  * chore(deps): bump anchore/sbom-action from 0.14.3 to 0.15.0 (#1611)
* Mon Nov 20 2023 kastl@b1-systems.de
- Update to version 0.73.3:
  * chore(deps): update Syft to v0.97.1 (#1610)
* Fri Nov 17 2023 kastl@b1-systems.de
- Update to version 0.73.2:
  * chore(deps): update Syft to v0.97.0 (#1608)
  * chore: bump vulnerability match label dataset (#1606)
  * fix: golang version parsing (#1599)
  * chore(deps): update bootstrap tools to latest versions (#1595)
  * chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.11 to 0.4.12 (#1597)
* Thu Nov 09 2023 kastl@b1-systems.de
- Update to version 0.73.1:
  * chore(deps): update Syft to v0.96.0 (#1596)
  * fix: match against debian unstable (#1593)
  * perf: avoid allocations with `(*regexp.Regexp).MatchString` (#1592)
  * chore(deps): bump sigstore/cosign-installer from 3.1.2 to 3.2.0 (#1590)
* Wed Nov 08 2023 kastl@b1-systems.de
- Update to version 0.73.0:
  * chore(deps): update Syft to v0.95.0 (#1591)
  * chore: account for syft package metadata changes (#1423)
  * fix: bump fangs to enable setting golang CPE config using env var (#1585)
  * chore(deps): update bootstrap tools to latest versions (#1588)
  * chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (#1586)
  * chore: bootstrap action cleanup (#1587)
  * chore(deps): update bootstrap tools to latest versions (#1584)
  * Incorporate format API changes from syft (#1582)
  * chore(deps): bump github.com/docker/docker (#1579)
  * feat(config): added reason field (#1532)
  * chore(deps): bump github.com/glebarez/sqlite from 1.9.0 to 1.10.0 (#1583)
  * Colorize severity in table output (#1284)
  * feat: add custom maven comparator (#1571)
  * chore: fix path to quality tests (#1578)
  * capture quality gate state on failures (#1576)
  * chore(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0 (#1575)
  * chore(deps): update bootstrap tools to latest versions (#1574)
  * chore(deps): bump google.golang.org/grpc from 1.56.0 to 1.56.3 (#1573)
  * docs: add cbl-mariner to supported distro (#1569)
  * chore(deps): bump ossf/scorecard-action from 2.3.0 to 2.3.1 (#1570)
  * chore(deps): update bootstrap tools to latest versions (#1567)
* Fri Nov 03 2023 Johannes Kastl <kastl@b1-systems.de>
- BuildRequire go1.21
* Sat Oct 21 2023 kastl@b1-systems.de
- Update to version 0.72.0:
  * chore(deps): update Syft to v0.94.0 (#1566)
  * Incorporate Syft java detection improvements (#1555)
  * add exception for go stdlib search by CPE (#1565)
  * chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#1564)
  * Add --ignore-states flag for ignoring findings with specific fix states (#1473)
  * feat: update go-sarif library to use latest release (#1563)
  * bump clio to get stderr reporting fix (#1561)
  * chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.2 to 1.4.3 (#1558)
  * chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.0 to 0.9.1 (#1557)
  * Add checksum signing (#1535)
* Fri Oct 13 2023 kastl@b1-systems.de
- Update to version 0.71.0:
  * chore(deps): bump golang.org/x/net from 0.16.0 to 0.17.0 (#1554)
  * feat: disable CPE-based matching for GHSA ecosystems by default (#1412)
  * chore(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#1552)
* Wed Oct 11 2023 kastl@b1-systems.de
- Update to version 0.70.0:
  * chore(deps): update Syft to v0.93.0 (#1550)
  * chore(deps): bump gorm.io/gorm from 1.25.4 to 1.25.5 (#1547)
  * chore(deps): bump github.com/charmbracelet/lipgloss from 0.8.0 to 0.9.0 (#1548)
  * chore(deps): bump github.com/hashicorp/go-getter from 1.7.2 to 1.7.3 (#1549)
  * chore(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.0 (#1544)
  * fix: empty descriptor name and version (#1542)
  * chore: removes unnecessary conditional (#1539)
  * chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.10 to 0.4.11 (#1533)
* Sat Oct 07 2023 kastl@b1-systems.de
- Update to version 0.69.1:
  * chore(deps): update Syft to v0.92.0 (#1527)
  * chore(deps): update bootstrap tools to latest versions (#1524)
  * chore: add OpenSSF Best Practices badge (#1523)
  * bump labels to latest (#1525)
  * chore(deps): bump actions/checkout from 4.0.0 to 4.1.0 (#1519)
  * chore(deps): update bootstrap tools to latest versions (#1520)
  * chore: explicitly test go pseudoversion (#1522)
  * chore: remove outdated comment about fuzzy matching python versions (#1521)
  * chore: bump stereoscope to fix data race in UI (#1517)
  * fix: correctly guess tool comparison (#1516)
  * chore(deps): update bootstrap tools to latest versions (#1515)
  * chore(deps): bump github.com/spf13/afero from 1.9.5 to 1.10.0 (#1514)
  * fix: use PEP440 for Python package version comparison (#1510)
* Sat Oct 07 2023 kastl@b1-systems.de
- Update to version 0.69.0:
  * chore(deps): bump tibdex/github-app-token from 2.0.0 to 2.1.0 (#1506)
  * Upgrade syft to v0.91.0 (#1508)
  * Update chronicle to v0.8.0 (#1507)
  * fix: terminal clobbering when commands return errors (#1505)
  * Fix typo in flag (#1501)
  * chore(deps): bump actions/cache from 3.2.6 to 3.3.2 (#1499)
  * chore(deps): remove dependency on sqlite fork; bump gorm.io/gorm from 1.23.10 to 1.25.4 (#1448)
  * chore: pin cache versions (#1495)
  * chore(deps): bump actions/checkout from 3 to 4 (#1475)
* Sat Oct 07 2023 kastl@b1-systems.de
- Update to version 0.68.1:
  * fix: version output including supported db schema (#1494)
  * chore: pin actions; pin images; add top level action permissions (#1493)
* Sat Oct 07 2023 kastl@b1-systems.de
- Update to version 0.68.0:
  * feat: introduce exit code failure option for db update check (#1463)
  * Ignore/add match results based on OpenVEX documents (#1397)
  * chore(deps): bump docker/login-action from 2 to 3 (#1488)
  * chore: Fix race conditions around stager, enable detector (#1489)
  * chore(deps): update Syft to v0.90.0 (#1486)
  * chore(deps): bump tibdex/github-app-token from 1.8.2 to 2.0.0 (#1485)
  * chore: update CLI to CLIO (#1437)
* Sat Oct 07 2023 kastl@b1-systems.de
- Update to version 0.67.0:
  * feat: grype explain prototype (#1367)
  * chore: Update go declaration to have point version (#1484)
  * chore: update grype to use Go v1.21 (#1480)
  * chore(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 (#1481)
  * chore(deps): bump tibdex/github-app-token from 1.8.0 to 1.8.2 (#1474)
  * chore(deps): bump golang.org/x/term from 0.11.0 to 0.12.0 (#1476)
  * chore(deps): bump github.com/docker/docker (#1478)
  * chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.8 to 0.4.10 (#1477)
  * chore: bump quality gate to use syft v0.89.0 (#1479)
* Tue Sep 05 2023 kastl@b1-systems.de
- Update to version 0.66.0:
  * chore(deps): update Syft to v0.89.0 (#1472)
  * Add registry certificate verification support (#1232)
  * fix: set correct default to exclude overlapping binaries (#1452)
  * fix: portage version comparison (#1468)
  * chore: pin the vulnerability DB used in quality gate testing (#1470)
  * chore(deps): update Syft to v0.88.0 (#1466)
  * chore: update quill version (#1465)
  * docs: fix some typos on main README (#1455)
  * note supported versions of grype (#1458)
  * bump vml labels (#1462)
  * chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 (#1453)
  * chore(deps): update bootstrap tools to latest versions (#1450)
  * fill out new version notice (#1445)
  * feat: filter out packages owned by OS packages (#1387)
  * fix: Only remove packages by binary overlap (#1444)
  * chore: bump to syft v0.87.1 in quality gate (#1442)
* Tue Sep 05 2023 kastl@b1-systems.de
- Update to version 0.65.2:
  * chore(deps): update Syft to v0.87.1 (#1432)
  * chore: Init submodule if missing (#1439)
  * chore: exclude yardstick store from filename rules (#1440)
  * chore: use latest yardstick (#1438)
  * fix: update semver regular expression constraint to allow for 1.20rc1 cases no '-' (#1434)
  * chore(deps): update bootstrap tools to latest versions (#1424)
  * chore(deps): bump actions/setup-go from 4.0.1 to 4.1.0 (#1421)
  * docs(example-templates): add a simple JUnit XML template (#1422)
  * chore(deps): bump golang.org/x/term from 0.10.0 to 0.11.0 (#1420)
  * chore: use syft v0.86.1 in the quality gate tests (#1418)
* Sun Aug 06 2023 kastl@b1-systems.de
- Update to version 0.65.1:
  * fix: some hang conditions (#1414)
  * chore(deps): update bootstrap tools to latest versions (#1413)
* Tue Aug 01 2023 kastl@b1-systems.de
- Update to version 0.65.0:
  * chore(deps): update Syft to v0.86.1 (#1410)
  * chore(deps): bump github.com/docker/docker (#1402)
  * chore(deps): bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.2 (#1406)
  * chore: bump quality gate label dataset (#1404)
  * feat: implement secondary sorting for default json output (#1403)
  * feat: update table sort to be name, version, type, severity, vulnerability (#1400)
  * chore: in quality tests, only colorize quality output if in a tty (#1398)
  * chore(deps): bump
github.com/gookit/color from 1.5.3 to 1.5.4 (#1396) * Thu Jul 20 2023 kastl@b1-systems.de - Update to version 0.64.2: * fix: vulnerabilities should be printed when `--fail-on` fails (#1395) * chore: bump yardstick to address PyYAML cython compatibility issues (#1394) * Refactor integ test to table test (#1390) * Tue Jul 18 2023 kastl@b1-systems.de - Update to version 0.64.1: * Pass correct output file (#1391) * chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.7 to 0.4.8 (#1389) * Port UI to bubbletea (#1385) * Fri Jul 14 2023 kastl@b1-systems.de - Update to version 0.64.0: * chore(deps): update Syft to v0.85.0 (#1383) * feat(outputs): allow to set multiple outputs (#648) (#1346) * Remove Docker section from DEVELOPING.md (#1384) * chore(deps): update bootstrap tools to latest versions (#1381) * chore(deps): bump github.com/docker/docker (#1382) * Port to new syft source API (#1376) * chore(deps): bump golang.org/x/term from 0.9.0 to 0.10.0 (#1375) * chore: bump quality gate labels and images (#1374) * chore(deps): update bootstrap tools to latest versions (#1368) * Fri Jun 30 2023 kastl@b1-systems.de - Update to version 0.63.1: * Add a simple CSV format template to the templates/ directory and tweak docs (#1366) * chore(deps): update Syft to v0.84.1 (#1372) * fix: Add more log4j-adjacent package ignore rules (#1358) * chore: bump the quality gate labels (#1369) * add oss community board auto-add workflow (#1364) * fix: totals for vulnerability matches (#1359) * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#1363) * chore(deps): bump anchore/sbom-action from 0.14.2 to 0.14.3 (#1357) * Thu Jun 22 2023 kastl@b1-systems.de - Update to version 0.63.0: * Configure chronicle to pre-1.0 mode (#1356) * chore(deps): update Syft to v0.84.0 (#1354) * chore(deps): update bootstrap tools to latest versions (#1353) * chore(deps): update Syft to v0.83.1 (#1352) * chore(deps): bump golang.org/x/term from 0.8.0 to 0.9.0 (#1350) * chore(deps): bump 
peter-evans/create-pull-request from 5.0.1 to 5.0.2 (#1351) * chore(deps): bump github/codeql-action from 2.3.6 to 2.13.4 (#1344) * chore: Update the contributing guide (#1347) * feat: add community template folder and new table template (#1343) * chore: log unsupported package qualifier as debug (#1340) * feat: add package info to search by for all match details (#1339) * Mon Jun 12 2023 kastl@b1-systems.de - Update to version 0.62.3: * chore(deps): update bootstrap tools to latest versions (#1334) * chore(deps): bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 (#1336) * chore(deps): bump github/codeql-action from 2.3.5 to 2.3.6 (#1331) * Hide suppressed vulnerabilities when --show-suppressed is not given (#1322) * chore(deps): bump github.com/stretchr/testify from 1.8.3 to 1.8.4 (#1324) * chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 (#1323) * Sat May 27 2023 kastl@b1-systems.de - Update to version 0.62.2: * feat: add source and type to CVSS information (#1317) * chore(deps): bump github.com/docker/docker (#1320) * chore(deps): bump github/codeql-action from 2.3.3 to 2.3.5 (#1321) * Wed May 24 2023 kastl@b1-systems.de - Update to version 0.62.1: * chore: update gomod with latest syft (#1313) * chore(deps): bump github.com/docker/docker (#1311) * Tue May 23 2023 kastl@b1-systems.de - Update to version 0.62.0: * bump syft to pre-release of v0.81.0 (#1310) * add main bin ignore (#1305) * chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#1309) * chore(deps): bump github.com/docker/docker (#1304) * chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2 (#1307) * chore(deps): bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#1289) * chore(deps): bump github.com/docker/distribution (#1290) * chore(deps): bump actions/setup-go from 4.0.0 to 4.0.1 (#1298) * chore: update deprecated io/ioutil calls (#1296) * feat: package qualifier for platform CPE (#1291) * Fix reading syft json from stdin by redirect (#1299) * should 
only use hermetic functions in templates (#1288) * chore(deps): update bootstrap tools to latest versions (#1285) * feat: add non-hermetic sprig functions (#1243) (#1273) * fix: typo in logger prefix (#1283) * chore(deps): bump github.com/docker/docker (#1280) * chore(deps): bump anchore/sbom-action from 0.14.1 to 0.14.2 (#1281) * chore(deps): update Syft to v0.80.0 (#1276) * chore(deps): update bootstrap tools to latest versions (#1277) * docs: add config flag to configuration section (#1271) (#1274) * chore(deps): bump github/codeql-action from 2.3.2 to 2.3.3 (#1272) * chore(deps): bump golang.org/x/term from 0.7.0 to 0.8.0 (#1268) * chore(deps): update bootstrap tools to latest versions (#1270) * Add support for Syft IDs in JSON output (#1266) * docs: add "cyclonedx-json" to output formats (#1252) * chore(deps): bump github.com/docker/docker (#1257) * chore(deps): bump github/codeql-action from 2.3.1 to 2.3.2 (#1261) * chore(deps): bump peter-evans/create-pull-request from 5.0.0 to 5.0.1 (#1263) * Install skopeo during bootstrap (#1260) * chore(deps): bump github/codeql-action from 2.3.0 to 2.3.1 (#1258) * chore(deps): bump github/codeql-action from 2.2.12 to 2.3.0 (#1256) * chore: update quality gate labels and add keycloak (#1255) * fix: false positive for purl provider for RPM without epoch (#1237) * Sat Apr 22 2023 kastl@b1-systems.de - Update to version 0.61.1: * chore: bump syft to latest version v0.79.0 (#1250) * feat: add timestamp to json output (#1170) (#1249) * chore(deps): update Syft to v0.78.0 (#1242) * chore(deps): bump github.com/docker/docker (#1241) * chore(deps): update bootstrap tools to latest versions (#1239) * chore(deps): bump github/codeql-action from 2.2.11 to 2.2.12 (#1233) * chore(deps): update bootstrap tools to latest versions (#1238) * add format make target (#1231) * chore(deps): bump 8398a7/action-slack from 3.15.0 to 3.15.1 (#1223) * chore(deps): bump github.com/docker/docker (#1218) * chore(deps): bump github/codeql-action from 
2.2.9 to 2.2.11 (#1225) * chore(deps): update bootstrap tools to latest versions (#1227) * chore(deps): bump peter-evans/create-pull-request from 4.2.4 to 5.0.0 (#1219) * chore(deps): bump golang.org/x/term from 0.6.0 to 0.7.0 (#1217) * chore(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 (#1216) * Wed Apr 05 2023 kastl@b1-systems.de - Update to version 0.61.0: * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.1-0.20221222100750-41a1ac565cce to 0.7.1 (#1213) * feat: add default-image-source-config option (#1215) * chore(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1 (#1212) * chore(deps): bump anchore/sbom-action from 0.13.4 to 0.14.1 (#1214) * chore(deps): bump github.com/anchore/syft from 0.75.0 to 0.76.0 (#1207) * chore: update syft update (#1211) * chore: update deprecated set-output calls (#1210) * chore(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 (#1205) * chore: update quality gate dataset (#1206) * chore(deps): bump github.com/docker/docker (#1201) * Wed Mar 29 2023 kastl@b1-systems.de - Update to version 0.60.0: * Implement support for Chainguard Linux (#1198) * chore(deps): update bootstrap tools to latest versions (#1194) * chore(deps): bump github/codeql-action from 2.2.8 to 2.2.9 (#1197) * chore(deps): bump github.com/gookit/color from 1.5.2 to 1.5.3 (#1192) * chore(deps): bump github/codeql-action from 2.2.7 to 2.2.8 (#1193) * chore(deps): update bootstrap tools to latest versions (#1191) * chore: tweak some workflow text (#1190) * chore(deps): bump github.com/hashicorp/go-getter from 1.7.0 to 1.7.1 (#1181) * chore(deps): bump peter-evans/create-pull-request from 4.2.3 to 4.2.4 (#1184) * chore(deps): bump anchore/sbom-action from 0.13.3 to 0.13.4 (#1189) * chore: Update grype bootstrap tools to latest versions. (#1187) * fix: by-cpe pivot by vuln metadata rather than vulnerability record (#1188) * Update grype bootstrap tools to latest versions. 
(#1173) * chore(deps): bump actions/setup-go from 3.5.0 to 4.0.0 (#1182) * chore(deps): bump github/codeql-action from 2.2.5 to 2.2.7 (#1183) * feat: disable CPE-based matching by default for javascript (#1180) * Update Syft to v0.75.0 (#1177) * chore: bump vuln match quality dataset (#1174) * chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.1 to 1.4.2 (#1166) * Thu Mar 09 2023 kastl@b1-systems.de - Update to version 0.59.1: * Update grype bootstrap tools to latest versions. (#1163) * Update Syft to v0.74.1 (#1168) * fix: correct APK CPE version comparison logic (#1165) * Sat Mar 04 2023 kastl@b1-systems.de - Update to version 0.59.0: * Grype Release Pipeline Update (#1147) * Add the total types of vulnerabilities in Grype output (#946) * chore(deps): bump gorm.io/gorm from 1.23.5 to 1.23.10 (#1157) * chore: bump quality gate labels and syft version (#1156) * Fri Mar 03 2023 kastl@b1-systems.de - Update to version 0.58.0: * chore: Update Syft to v0.74.0 (#1151) * fix(distro): Disable support for Arch Linux (#1152) * chore: update progress monitor handling (#1149) * Update Syft to v0.73.0 (#1140) * chore(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (#1144) * chore(deps): bump github/codeql-action from 2.2.4 to 2.2.5 (#1145) * Update grype bootstrap tools to latest versions. 
(#1137) * chore(deps): bump github.com/spf13/afero from 1.9.3 to 1.9.4 (#1141) * chore(deps): bump actions/cache from 3.2.5 to 3.2.6 (#1143) * chore(deps): bump github.com/hashicorp/go-getter from 1.6.2 to 1.7.0 (#1134) * Fri Feb 17 2023 kastl@b1-systems.de - Update to version 0.57.1: * Update Syft to v0.72.0 (#1136) * Thu Feb 16 2023 kastl@b1-systems.de - Update to version 0.57.0: * chore: bump quality gate (#1133) * fix: ignore some false-positives for ruby gems (#1132) * chore(deps): bump github/codeql-action from 2.2.3 to 2.2.4 (#1131) * fix: exclude OS packages from CPE target filtering (#1130) * chore(deps): bump actions/cache from 3.2.4 to 3.2.5 (#1129) * chore(deps): bump github.com/docker/docker (#1128) * Update Syft to v0.71.0 (#1126) * chore(deps): bump github/codeql-action from 2.2.1 to 2.2.3 (#1125) * Update grype bootstrap tools to latest versions. (#1124) * chore(deps): bump golang.org/x/term from 0.4.0 to 0.5.0 (#1123) * Update grype bootstrap tools to latest versions. (#1122) * Update grype bootstrap tools to latest versions. (#1116) * Update Syft to v0.70.0 (#1117) * chore(deps): bump github.com/docker/docker (#1114) * Update grype bootstrap tools to latest versions. (#1112) * Update Syft to v0.69.1 (#1111) * chore: prune cosign dependency for grype builds (#1100) * Update grype bootstrap tools to latest versions. 
(#1108) * Update Syft to v0.69.0 (#1109) * chore(deps): bump actions/cache from 3.2.3 to 3.2.4 (#1107) * chore: add new images to quality gate (#1106) * chore: bump yardstick for better quality gate filtering (#1101) * chore(deps): bump actions/cache from 3.0.11 to 3.2.3 (#1096) * chore(deps): bump github/codeql-action from 2.1.39 to 2.2.1 (#1097) * chore(deps): bump anchore/sbom-action from 0.13.2 to 0.13.3 (#1098) * chore(deps): bump tibdex/github-app-token from 1.7.0 to 1.8.0 (#1099) * bump yardstick to 2d30ea7429d0a59020e0176bba1b3b6b8b01b08a (#1095) * chore(deps): bump actions/checkout from 3.1.0 to 3.3.0 (#1090) * chore(deps): bump github.com/hashicorp/go-getter from 1.6.1 to 1.6.2 (#1087) * chore(deps): bump 8398a7/action-slack from 3.14.0 to 3.15.0 (#1088) * chore(deps): bump peter-evans/create-pull-request from 4.2.0 to 4.2.3 (#1089) * chore(deps): bump actions/setup-go from 3.3.1 to 3.5.0 (#1091) * chore(deps): bump github/codeql-action from 2.1.31 to 2.1.39 (#1092) * Fri Jan 27 2023 kastl@b1-systems.de - Update to version 0.56.0: * Update Syft to v0.68.1 (#1086) * chore: update grype quality gate (#1085) * chore(deps): bump github.com/sigstore/sigstore from 1.4.4 to 1.5.1 (#1081) * chore(deps): bump actions/setup-python from 4.3.0 to 4.5.0 (#1075) * chore(deps): bump anchore/sbom-action from 0.13.1 to 0.13.2 (#1076) * chore(deps): bump actions/upload-artifact from 3.1.1 to 3.1.2 (#1077) * chore(deps): bump actions/download-artifact from 3.0.1 to 3.0.2 (#1074) * chore(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.2 (#1078) * chore(deps): bump github.com/pkg/profile from 1.6.0 to 1.7.0 (#1079) * chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.0 to 1.4.1 (#1080) * chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 (#1083) * chore: align makefile and bootstrap tools scripts more with syft (#1073) * chore: enable dependabot on gomod and GitHub actions (#1072) * Update grype bootstrap tools to latest versions. 
(#1070) * fix: always include severity in cyclonedx output (#1067) * Update Syft to v0.68.0 (#1064) * Add protobuf FPs to default ignore list (#1062) * chore: update Syft to v0.66.2 (#1060) * Update grype bootstrap tools to latest versions. (#1055) * feat: allow grype db diff to specify local db directories (#1058) * chore: claim artifacthub package ownership from developer-guy (#661) * chore: add github token to quality tests (#1056) * chore: update yardstick to diagnose intermittent failures (#1054) * Update grype bootstrap tools to latest versions. (#1048) * Thu Jan 05 2023 kastl@b1-systems.de - Update to version 0.55.0: * fix: sort vulnerability results (#1052) * Adding internal/file/hasher test cases (#1049) * fix: orient by cve merging (#1046) * Update Syft to v0.64.0 (#1047) * fix: update removing results based on ownership-by-file-overlap (#1045) * feat: swap custom cyclone-dx model for cyclone-dx library (#1038) * chore: add GitLab Community Edition image to quality gate (#1035) * Fri Dec 16 2022 kastl@b1-systems.de - Update to version 0.54.0: * Update Syft to v0.63.0 (#1037) * fix: Exclude binary packages that have overlap by file ownership relationship (#1024) * docs: update quality gate docs (#1032) * Optionally orient results by CVE (#1020) * chore: bump yardstick to latest commit (#1027) * Update Syft to v0.62.3 (#1026) * chore: change CVE example to official sample (#1028) * fix: Table format sorting (#1023) * fix: update architecture release for to ppc64le (#1021) * Update grype bootstrap tools to latest versions. 
(#1017) * Update Syft to v0.62.2 (#1018) * chore: update quality gate with latest label data (#1016) * chore: update digest for test fixture dockerfile (#1015) * test: remove presenter tests reliance on docker from unit suite (#1013) * fix: swapped base container images (#1011) * chore: update default packages to read (#1007) * Tue Nov 22 2022 kastl@b1-systems.de - Update to version 0.53.1: * Update Syft to v0.62.1 (#1006) * Update grype bootstrap tools to latest versions. (#1004) * scoped: token release for content write on image assets (#1002) * Sat Nov 19 2022 kastl@b1-systems.de - Update to version 0.53.0: * chore: bump syft version v0.62.0 (#1000) * feat: vulnerability namespacing support for rolling distros (#997) * chore: bump quality gate images and label data (#995) * feat: add strong distro type for wolfi (#996) * chore: pin dependencies (#994) * chore: code-ql top level read check (#993) * Add SECURITY.md (#989) * chore: update codeql to pinned v2 with correct write permissions * Update token permissions to be read-only (#988) * Enable the Scorecard Github Action and badge (#929) * Tue Nov 15 2022 kastl@b1-systems.de - Update to version 0.52.0: * chore: update syft to v0.60.3 (#978) * feat: consider well-known false-positive generating CPE target SW components in match filtering logic (#961) * chore: grype quality pipeline latest label updates and images (#976) * Implemented new CLI flag: --show-suppressed (#966) * fix: update case for alpine:edge correct vuln feed (#965) * PURL input results in incorrect artifact in JSON output (#968) * Update grype bootstrap tools to latest versions. (#956) * Tue Oct 18 2022 kastl@b1-systems.de - Update to version 0.51.0: * implement v5 db schema to support improved matching between rpm appstream modules (#944) * Update Syft to v0.59.0 (#957) * expand quality gate image set to include rpm appstreams-related images (#952) * Update grype bootstrap tools to latest versions. 
(#947) * chore: add more quality gate images (#950) * Add in-depth quality gate checks (#949) * Update Syft to v0.58.0 (#941) * Update grype bootstrap tools to latest versions. (#945) * Update grype bootstrap tools to latest versions. (#935) * Update Syft to v0.57.0 (#930) * Wed Sep 21 2022 kastl@b1-systems.de - Update to version 0.50.2: * Update Syft to v0.57.0 (#930) * Correct falsely copied app-name 'syft' in example (#922) * Bump github.com/sigstore/cosign from 1.11.1 to 1.12.0 (#927) * Update grype bootstrap tools to latest versions. (#925) * Wed Sep 14 2022 kastl@b1-systems.de - Update to version 0.50.1: * Update Syft to v0.56.0 (#919) * Tue Sep 13 2022 kastl@b1-systems.de - Update to version 0.50.0: * Add support for scanning RPM files (#917) * remove arch typo - add debug/reg s390x (#915) * grype release message update (#914) * feat: extract use cpes in matching logic to be configurable (#911) * docs: add Singularity to "features" in README (#912) * Wed Sep 07 2022 kastl@b1-systems.de - Update to version 0.49.0: * docs: improve Singularity image source docs (#910) * Add Singularity image source (#908) * Update grype bootstrap tools to latest versions. (#907) * Update Syft to v0.55.0 (#906) * Update grype bootstrap tools to latest versions. (#905) * Update grype bootstrap tools to latest versions. (#903) * Update grype bootstrap tools to latest versions. (#896) * Add blurbs about building and running from source (#893) * Fix docker build typo (#891) * Wed Sep 07 2022 kastl@b1-systems.de - Update to version 0.48.0: * disable CPE match filtering based on target software component for java packages (#889) * Update grype bootstrap tools to latest versions. 
(#886) * fix getting latest gosimports version (#885) * workflow to create automated PRs to update bootstrap tools (#883) * Add s390x build support (#720) * fix: only show distro warning if distro packages exist (#875) * Wed Sep 07 2022 kastl@b1-systems.de - Update to version 0.47.0: * Update Syft to v0.54.0 (#881) * Update README.md (#871) * Update README.md (#868) * Wed Sep 07 2022 kastl@b1-systems.de - Update to version 0.46.0: * test: rm mustConst since unused (#860) * Update Syft to v0.53.4 (#856) * feat: enrich db check cmd feedback (#853) * update syft version location for Makefile (#865) * Wed Sep 07 2022 kastl@b1-systems.de - Update to version 0.45.0: * remove env variable dependencies and keychain from signing script (#864) * macos-latest for signing (#863) * move docker release into separate release workflow (#862) * revert to old docker action (#861) * additional readOptions added per 855 (#857) * Ensure database access is readonly (#854) * push older version for mac runner stability (#852) * bump bouncer to v0.4.0 (#851) * feat: simple input case to request vulnerability data via purl (#795) * update golangci-lint, goreleaser, cosign (#850) * fix: db diff default has flipped base/target url (#845) * Tue Jul 26 2022 kastl@b1-systems.de - Update to version 0.44.0: * add env variables and keychain for GHCR publish (#843) * update grype to use syft v0.52.0 (#838) * add debug distroless image to published images (#835) * add new line for help block (#834) * add Gentoo matching support (#813) * feat: add filtering support using target software field in cpe (#810) * Tue Jul 19 2022 kastl@b1-systems.de - Update to version 0.43.0: * Add new matcher files for golang => remove main module FP matches (#829) * Fix a cyclonedxvex typo and fix the schema document from (#830) * feat: add --only-notfixed flag (#828) * add DBCloser. 
Clients can avoid db connection leak if vulnerability db is loaded many times (#825) * Sat Jul 16 2022 kastl@b1-systems.de - Update to version 0.42.0: * bump syft version to v0.51.0 (#822) * feat: implement `grype db diff` command (#812) * fix typo in log message (#819) * Wed Jul 06 2022 kastl@b1-systems.de - Update to version 0.41.0: * update syft to v0.50.0 (#818) * Finalize v4 Grype schema (#803) * docs: update to include rust (#814) * feat: add diffing 2 databases to v3 store functionality (#789) * fix: add support for partybus ui on `grype db update` cmd (#806) * Added Docker example to Readme (#769) * fix: add vex json & xml to listed formats (#802) * docs: update php listing to be more clear that the `.json` file isn't indexed (#808) * Mon Jun 27 2022 kastl@b1-systems.de - Update to version 0.40.1: * update syft => v0.49.0 (#804) * remove oss meetup message (#799) * fix: add fixed versions to cyclonedxjson output (#763) * docs: update to include php (#793) * Wed Jun 22 2022 kastl@b1-systems.de - Update to version 0.40.0: * update grype to latest syft patch v0.48.1 (#790) * fix: add golang to documentation (#788) * fix: accept templates with custom functions (#786) * add db staleness check (#785) * feat: add compose workflow for local dev (#783) * ignore gemfile rich version for semVer comparison (#776) * Support namespace and language as additional criteria for ignoring vulnerability matches (#780) * Wed Jun 22 2022 kastl@b1-systems.de - Update to version 0.39.0: * update syft version to v0.47.0 (#781) * use anchore fork of glebarez/sqlite (#778) * template: Check sanity for template file (#674) * Add announcement for Anchore OSS Meetup (#775) * Bump github.com/hashicorp/go-getter from 1.5.11 to 1.6.1 (#770) * publish release to reduce user friction (#766) * Update Syft to v0.46.3 (#761) * Add reference to logrus logging levels (#758) * README: add MacPorts install info (#759) * Mon Jun 06 2022 Johannes Kastl <kastl@b1-systems.de> - new package grype at 
version 0.38.0: A vulnerability scanner for container images and filesystems
/usr/bin/grype
/usr/share/doc/packages/grype
/usr/share/doc/packages/grype/README.md
/usr/share/licenses/grype
/usr/share/licenses/grype/LICENSE
Generated by rpm2html 1.8.1
Fabrice Bellet, Thu Oct 23 23:06:42 2025