grype db import fails

[ep4sh]

What happened: Vuln db cannot be imported

What you expected to happen: Vuln db is imported

How to reproduce it (as minimally and precisely as possible): 1) fetch https://toolbox-data.anchore.io/grype/databases/listing.json 2) Take the latest DB url, in my case: https://toolbox-data.anchore.io/grype/databases/vulnerability-db_v1_2024-05-24T01:30:31Z_1716525789.tar.gz and download it. 3) grype db import "./vulnerability-db_v1_2024-05-24T01:30:31Z_1716525789.tar.gz" Anything else we need to know?: tested in bullseye docker container:

    1  apt update && apt install wget
    2  wget https://github.com/anchore/grype/releases/download/v0.77.4/grype_0.77.4_linux_amd64.deb
    3  ls
    4  wget https://toolbox-data.anchore.io/grype/databases/vulnerability-db_v1_2024-05-24T01:30:31Z_1716525789.tar.gz
    5  ls
    6  grype --version
    7  apt install ./grype_0.77.4_linux_amd64.deb 
    8  grype --version
    9  grype db import "./vulnerability-db_v1_2024-05-24T01:30:31Z_1716525789.tar.gz" 
   10  history 

Error:

root@b1101b2f700b:/# grype db import "./vulnerability-db_v1_2024-05-24T01:30:31Z_1716525789.tar.gz" 
unable to import vulnerability database: unsupported database version: have=1 want=5

Environment:

• Output of grype version: grype_0.77.4

• OS (e.g: cat /etc/os-release or similar): debian

[kzantow]

@ep4sh it looks like you are downloading a version 1 database (note the v1 in the db name/url). You should always be downloading the latest version for the latest Grype, which as of today is v5 -- just look in the "5" key.

[ep4sh]

Got it, thanks, it works now!