-
The original vunnel schemas were very heavily influenced by the existing results format from Anchore Enterprise since we were trying to rip that out with as little disruption as possible. Now we woul…
-
It should be trivial to see what data providers (from vunnel) populated the DB, along with timestamp information:
```
grype db providers
alpine 2024-09-16T01:34:04.087474Z ...
amazon …
-
You can test with:
grype phitux/dailytxt:1.0.15 | grep -i -E '(High|Critical)'
```
Docker image: phitux/dailytxt:1.0.15
flask-cors 3.0.10 4.0.2 python GHSA-hxwh-jpp2-84pm High …
-
**What happened**:
Since the documentation: https://github.com/anchore/grype#supported-sources says: "or `skopeo copy` commands)" I tried to scan backup copies of our docker images and grype does n…
-
**What would you like to be added**:
I think grype can also cover EOL packages.
Information is handled here - https://endoflife.date/
This website has an API from which we can get the information, both …
-
When using a distroless and minimal image, grype output shows warnings of missing files, e.g.
```
WARN parsing dpkg status: extracting key-value from line: [...] usr/lib/os-release err: cannot par…
-
**What would you like to be added**:
The SLES provider should be enhanced to pull in the OVAL data stating that a package is affected but not fixed
**Why is this needed**:
This would allow ma…
-
### Summary
We have added some CVEs that are fixed upstream to the https://github.com/HHS/simpler-grants-gov/blob/main/.grype.yml#L14 grype ignore list. We should have a playbook and reminder (github…
-
**What would you like to be added**:
Ability to read syft.yaml config file when running grype.
**Why is this needed**:
When scanning a directory or docker image grype uses syft to generate the sb…
-
What would you like to be added:
For each CVE, also provide the EPSS score based on this - https://www.first.org/epss/
Why is this needed:
Better calculate the risk for each CVE
Additional context:…