Releases: anchore/grype
Releases · anchore/grype
v0.104.1
Immutable
release. Only release title and notes can be modified.
Contributors
joonas and kzantow
Assets 21
- 1.43 KB
2025-11-24T16:27:26Z - 3.09 KB
2025-11-24T16:27:26Z - 96 Bytes
2025-11-24T16:27:26Z - 27.5 MB
2025-11-24T16:27:20Z - 25.2 MB
2025-11-24T16:27:20Z - 26.5 MB
2025-11-24T16:27:25Z - 27.4 MB
2025-11-24T16:27:23Z - 26.4 MB
2025-11-24T16:27:17Z - 24.2 MB
2025-11-24T16:27:24Z - 25 MB
2025-11-24T16:27:22Z -
2025-11-24T16:11:36Z -
2025-11-24T16:11:36Z -
2025-11-24T16:11:36Z - Loading
v0.104.0
Immutable
release. Only release title and notes can be modified.
Added Features
- Add
--fromflag [#3035 @wagoodman] - Let a suppression expire to prevent that one will forget to resolve a vulnerability [#3031]
Bug Fixes
- Unnormalized fix version triggers false-positive in mssql-jdbc [#3042 #3034 @jamestexas]
Additional Changes
- junit template use CDATA block to prevent XML parse errors [#3019 @nvtkaszpir]
- Keep nested loggers labeled [#3040 @wagoodman]
Contributors
wagoodman, nvtkaszpir, and jamestexas
Assets 21
v0.103.0
Immutable
release. Only release title and notes can be modified.
Added Features
- Allow hyphen in version string [#3021 @willmurphyscode]
- Respect rpmmod PURL qualifier [#3020 @willmurphyscode]
Contributors
willmurphyscode
Assets 21
v0.102.0
Added Features
- Use Alma Linux specific advisories for Alma Linux scans [#2745 #2939 @willmurphyscode]
Bug Fixes
- Bitnami packages with CPEs are not matched against CPE-based vulnerabilities [#2997]
Additional Changes
- add markdown template [#2987 @sebdanielsson]
Contributors
willmurphyscode and sebdanielsson
Assets 20
v0.101.1
Bug Fixes
- Panic error scanning images with v0.101.0 on some java dependencies [#3002]
v0.101.0
Added Features
- Add cyclonedx to RpmMetadata [#2935 @sfc-gh-rmaj]
grype db searchcan filter by fixed state [#2968 @willmurphyscode]- Support using VEX documents with directory scans and SBOMs [#2471 #2811 @alegrey91]
Bug Fixes
- Issue installing Grype using documented curl command [#2985]
- Advisory ID blank in JSON output [#2965]
Additional Changes
- update flags with v3 to not use default config [#3000 @spiffcs]
- fix Cosign documentation URL in installer [#2995 @lime]
- set advisory id again [#2979 @willmurphyscode]
- add db schema validation [#2962 @willmurphyscode]
Contributors
lime, willmurphyscode, and 3 other contributors
Assets 20
v0.100.0
Added Features
- Add unaffected package and CPE stores [#2888 @wagoodman]
- use unaffected match table to remove appropriate vulns [#2886 @crosleyzack]
Contributors
wagoodman and crosleyzack
Assets 20
v0.99.1
Bug Fixes
- Present fix available version in grype JSON output [#2905 @wagoodman]
- detect patch numbers in fuzzy version comparison [#2844 @willmurphyscode]
- Make timestamp in output configurable (so that results are more reproducible) [#522 #2724 @gabetrau]
- Grype .98 misidentifies the container package version [#2884]
Contributors
wagoodman, willmurphyscode, and gabetrau
Assets 20
v0.99.0
Added Features
- Add fix availability information to DB schema [#2862 @wagoodman]
- Add support vulnerability matching for raspbian [#2893 @westonsteimel]
- Add Vex CSAF support [#1826 @juan131]
Bug Fixes
- include channel in grype db search output [#2873 @willmurphyscode]
- add UnmarshalJSON to fix availability blob [#2889 @willmurphyscode]
- Grype misdetect Grafana version [#2783]
Breaking Changes
Contributors
wagoodman, westonsteimel, and 2 other contributors
Assets 20
v0.98.0
Added Features
- move debian 13 (trixie) to released and debian 14 (forky) to testing/sid/unstable [#2861 @westonsteimel]
Contributors
westonsteimel