------------------------------------------------------------------- Tue Jul 26 11:28:54 UTC 2022 - kastl@b1-systems.de - Update to version 0.44.0: * add env variables and keychain for GHCR publish (#843) * update grype to use syft v0.52.0 (#838) * add debug distroless image to published images (#835) * add new line for help block (#834) * add Gentoo matching support (#813) * feat: add filtering support using target software field in cpe (#810) ------------------------------------------------------------------- Tue Jul 19 08:19:48 UTC 2022 - kastl@b1-systems.de - Update to version 0.43.0: * Add new matcher files for golang => remove main module FP matches (#829) * Fix a cyclonedxvex typo and fix the schema document from (#830) * feat: add --only-notfixed flag (#828) * add DBCloser. Clients can aviod db connection leak if vulnerability db is loaded many times (#825) ------------------------------------------------------------------- Sat Jul 16 19:00:16 UTC 2022 - kastl@b1-systems.de - Update to version 0.42.0: * bump syft version to v0.51.0 (#822) * feat: implement `grype db diff` command (#812) * fix typo in log message (#819) ------------------------------------------------------------------- Wed Jul 06 18:11:46 UTC 2022 - kastl@b1-systems.de - Update to version 0.41.0: * update syft to v0.50.0 (#818) * Finalize v4 Grype schema (#803) * docs: update to include rust (#814) * feat: add diffing 2 databases to v3 store functionality (#789) * fix: add support for partybus ui on `grype db update` cmd (#806) * Added Docker example to Readme (#769) * fix: add vex json & xml to listed formats (#802) * docs: update php listing to be more clear that the `.json` file isn't indexed (#808) ------------------------------------------------------------------- Mon Jun 27 13:20:36 UTC 2022 - kastl@b1-systems.de - Update to version 0.40.1: * update syft => v0.49.0 (#804) * remove oss meetup message (#799) * fix: add fixed versions to cyclonedxjson output (#763) * docs: update to include php (#793) ------------------------------------------------------------------- Wed Jun 22 08:33:50 UTC 2022 - kastl@b1-systems.de - Update to version 0.40.0: * update grype to latest syft patch v0.48.1 (#790) * fix: add golang to documentation (#788) * fix: accept templates with custom functions (#786) * add db staleness check (#785) * feat: add compose workflow for local dev (#783) * ignore gemfile rich version for semVer comparison (#776) * Support namespace and language as additional criteria for ignoring vulnerability matches (#780) ------------------------------------------------------------------- Wed Jun 22 08:19:33 UTC 2022 - kastl@b1-systems.de - Update to version 0.39.0: * update syft version to v0.47.0 (#781) * use anchore fork of glebarez/sqlite (#778) * template: Check sanity for template file (#674) * Add announcement for Anchore OSS Meetup (#775) * Bump github.com/hashicorp/go-getter from 1.5.11 to 1.6.1 (#770) * publish release to reduce user friction (#766) * Update Syft to v0.46.3 (#761) * Add reference to logrus logging levels (#758) * README: add MacPorts install info (#759) ------------------------------------------------------------------- Mon Jun 6 19:46:12 UTC 2022 - Johannes Kastl - new package grype at version 0.38.0: A vulnerability scanner for container images and filesystems