issues
search
anchore
/
grype
A vulnerability scanner for container images and filesystems
Apache License 2.0
8.14k
stars
526
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
test: update quality gate db to latest version
#1972
anchore-actions-token-generator[bot]
opened
11 hours ago
0
chore(deps): bump github.com/docker/docker from 26.1.4+incompatible to 27.0.3+incompatible
#1971
dependabot[bot]
opened
12 hours ago
0
support cvss 4.0
#1970
tomersein
opened
14 hours ago
0
chore(deps): update tools to latest versions
#1969
anchore-actions-token-generator[bot]
opened
19 hours ago
0
chore(deps): bump github/codeql-action from 3.25.10 to 3.25.11
#1968
dependabot[bot]
opened
3 days ago
0
chore(deps): bump github.com/docker/docker from 26.1.4+incompatible to 27.0.2+incompatible
#1967
dependabot[bot]
closed
12 hours ago
1
chore: pin new sign installer to commit sha
#1966
spiffcs
closed
5 days ago
0
False positive: GHSA-v5h6-c2hv-hv3r (CVE-2024-27280) ruby2.5-stdlib in SLES 15.5 Ecosystem
#1965
sekveaja
opened
6 days ago
0
chore(deps): bump github.com/docker/docker from 26.1.4+incompatible to 27.0.1+incompatible
#1964
dependabot[bot]
closed
4 days ago
1
chore(deps): bump github.com/charmbracelet/bubbletea from 0.26.5 to 0.26.6
#1963
dependabot[bot]
closed
6 days ago
0
chore(deps): update tools to latest versions
#1962
anchore-actions-token-generator[bot]
closed
6 days ago
0
chore: add workflow to update quality test db
#1961
spiffcs
closed
6 days ago
1
chore: update test_db_url
#1960
spiffcs
closed
1 week ago
0
chore(deps): bump github.com/hashicorp/go-getter from 1.7.4 to 1.7.5
#1959
dependabot[bot]
closed
1 week ago
1
chore(deps): bump github.com/go-test/deep from 1.1.0 to 1.1.1
#1958
dependabot[bot]
closed
1 week ago
1
chore(deps): bump github.com/anchore/syft from 1.7.0 to 1.8.0
#1957
dependabot[bot]
closed
1 week ago
1
Possible FP - CVE-2019-10222 ceph in ec2 linux
#1956
tomersein
opened
1 week ago
3
chore(deps): bump github.com/charmbracelet/bubbletea from 0.26.4 to 0.26.5
#1955
dependabot[bot]
closed
1 week ago
0
chore(deps): bump peter-evans/create-pull-request from 6.0.5 to 6.1.0
#1954
dependabot[bot]
closed
1 week ago
0
chore: enable dependabot to keep boostrap action updated
#1953
westonsteimel
closed
1 week ago
0
False positive: GHSA-v845-jxx5-vc9f (CVE-2023-43804) python3-urllib3 in SLES 15.5 Ecosystem
#1952
sekveaja
opened
1 week ago
0
Grype appears to be writing v1.6 spec cyclonedx files that grype itself cannot read (affects 0.79.0+)
#1951
ragaskar
opened
1 week ago
6
fix: use location `RealPath` not `String()` for match sorting
#1950
luhring
closed
1 week ago
0
chore: update CI to install golang at latest version
#1949
spiffcs
closed
2 weeks ago
0
chore(deps): bump github.com/google/go-containerregistry from 0.19.1 to 0.19.2
#1948
dependabot[bot]
closed
2 weeks ago
0
chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1
#1947
dependabot[bot]
closed
2 weeks ago
0
feat: pass thru the cpe source if available
#1946
zhill
opened
2 weeks ago
1
chore: Update syft v1.7.0
#1945
spiffcs
closed
2 weeks ago
0
fix match sort ordering for different locations
#1944
luhring
closed
2 weeks ago
0
chore(deps): update tools to latest versions
#1943
anchore-actions-token-generator[bot]
closed
2 weeks ago
0
chore(deps): bump github.com/docker/docker from 26.1.4+incompatible to 27.0.0+incompatible
#1942
dependabot[bot]
closed
2 weeks ago
1
chore(deps): bump actions/checkout from 4.1.6 to 4.1.7
#1941
dependabot[bot]
closed
2 weeks ago
0
chore(deps): bump github/codeql-action from 3.25.8 to 3.25.10
#1940
dependabot[bot]
closed
2 weeks ago
0
grype db is not being downloaded
#1939
tomersein
opened
2 weeks ago
4
Can you control the internal format used by Syft when scanning a directory?
#1938
tomasr
opened
2 weeks ago
3
False positive: GHSA-m2qf-hxjv-5gpq (CVE-2023-30861) python3-Flash in SLES 15.5 Ecosystem
#1937
sekveaja
opened
2 weeks ago
0
False positive: GHSA-xg9f-g7g7-2323 (CVE-2023-25577) python3-Werkzeug in SLES 15.5 Ecosystem
#1936
sekveaja
opened
2 weeks ago
1
False positive: GHSA-x4qr-2fvf-3mr5 (CVE-2023-0286), GHSA-jfhm-5ghh-2f97 (CVE-2023-49083) in SLES 15.5 Ecosystem but trigger by cryptography
#1935
sekveaja
opened
2 weeks ago
0
Updating maven URLs in README.md
#1934
JoshuaCooper
closed
2 weeks ago
0
Sort order for matches should consider fix info
#1933
wagoodman
closed
2 weeks ago
0
Look at package rebuild info on advisories for indirect matches
#1932
wagoodman
opened
2 weeks ago
2
Prefer direct match information over indirect matches
#1931
wagoodman
opened
2 weeks ago
5
Remove wordpress mentions in false positive list
#1930
Javiery3889
closed
2 weeks ago
2
False positive: GHSA-w596-4wvx-j9j6 (CVE-2022-42969) in SLES 15.5 Ecosystem
#1929
sekveaja
opened
2 weeks ago
0
chore(deps): bump github.com/anchore/syft from 1.5.0 to 1.6.0
#1928
dependabot[bot]
closed
2 weeks ago
1
False positive: GHSA-v3c5-jqr6-7qm8 (CVE-2022-40899) in SLES 15.5 Ecosystem
#1927
sekveaja
opened
2 weeks ago
0
chore(deps): update Syft to v1.6.0
#1926
anchore-actions-token-generator[bot]
closed
2 weeks ago
0
chore(deps): update tools to latest versions
#1925
anchore-actions-token-generator[bot]
closed
2 weeks ago
0
False positive: GHSA-qwmp-2cf2-g9g6 (CVE-2022-40898) in SLES 15.5 Ecosystem
#1924
sekveaja
opened
3 weeks ago
0
False positive: GHSA-v973-fxgf-6xhp (CVE-2022-40023) python3-Mako in SLES 15.5 Ecosystem
#1923
sekveaja
opened
3 weeks ago
0
Next