forked from pool/grype
770c9c3825
update to 0.53.0 OBS-URL: https://build.opensuse.org/request/show/1036799 OBS-URL: https://build.opensuse.org/package/show/devel:kubic/grype?expand=0&rev=23
-------------------------------------------------------------------
Sat Nov 19 12:05:00 UTC 2022 - kastl@b1-systems.de

- Update to version 0.53.0:
  * chore: bump syft version v0.62.0 (#1000)
  * feat: vulnerability namespacing support for rolling distros (#997)
  * chore: bump quality gate images and label data (#995)
  * feat: add strong distro type for wolfi (#996)
  * chore: pin dependencies (#994)
  * chore: code-ql top level read check (#993)
  * Add SECURITY.md (#989)
  * chore: update codeql to pinned v2 with correct write permissions
  * Update token permissions to be read-only (#988)
  * Enable the Scorecard Github Action and badge (#929)

-------------------------------------------------------------------
Tue Nov 15 15:42:37 UTC 2022 - kastl@b1-systems.de

- Update to version 0.52.0:
  * chore: update syft to v0.60.3 (#978)
  * feat: consider well-known false-positive generating CPE target SW components in match filtering logic (#961)
  * chore: grype quality pipeline latest label updates and images (#976)
  * Implemented new CLI flag: --show-suppressed (#966)
  * fix: update case for alpine:edge correct vuln feed (#965)
  * PURL input results in incorrect artifact in JSON output (#968)
  * Update grype bootstrap tools to latest versions. (#956)

-------------------------------------------------------------------
Tue Oct 18 05:12:14 UTC 2022 - kastl@b1-systems.de

- Update to version 0.51.0:
  * implement v5 db schema to support improved matching between rpm appstream modules (#944)
  * Update Syft to v0.59.0 (#957)
  * expand quality gate image set to include rpm appstreams-related images (#952)
  * Update grype bootstrap tools to latest versions. (#947)
  * chore: add more quality gate images (#950)
  * Add in-depth quality gate checks (#949)
  * Update Syft to v0.58.0 (#941)
  * Update grype bootstrap tools to latest versions. (#945)
  * Update grype bootstrap tools to latest versions. (#935)
  * Update Syft to v0.57.0 (#930)

-------------------------------------------------------------------
Wed Sep 21 08:31:07 UTC 2022 - kastl@b1-systems.de

- Update to version 0.50.2:
  * Update Syft to v0.57.0 (#930)
  * Correct falsely copied app-name 'syft' in example (#922)
  * Bump github.com/sigstore/cosign from 1.11.1 to 1.12.0 (#927)
  * Update grype bootstrap tools to latest versions. (#925)

-------------------------------------------------------------------
Wed Sep 14 05:40:23 UTC 2022 - kastl@b1-systems.de

- Update to version 0.50.1:
  * Update Syft to v0.56.0 (#919)

-------------------------------------------------------------------
Tue Sep 13 12:42:49 UTC 2022 - kastl@b1-systems.de

- Update to version 0.50.0:
  * Add support for scanning RPM files (#917)
  * remove arch typo - add debug/reg s390x (#915)
  * grype release message update (#914)
  * feat: extract use cpes in matching logic to be configurable (#911)
  * docs: add Singularity to "features" in README (#912)

-------------------------------------------------------------------
Wed Sep 07 05:39:15 UTC 2022 - kastl@b1-systems.de

- Update to version 0.49.0:
  * docs: improve Singularity image source docs (#910)
  * Add Singularity image source (#908)
  * Update grype bootstrap tools to latest versions. (#907)
  * Update Syft to v0.55.0 (#906)
  * Update grype bootstrap tools to latest versions. (#905)
  * Update grype bootstrap tools to latest versions. (#903)
  * Update grype bootstrap tools to latest versions. (#896)
  * Add blurbs about building and running from source (#893)
  * Fix docker build typo (#891)

-------------------------------------------------------------------
Wed Sep 07 05:36:24 UTC 2022 - kastl@b1-systems.de

- Update to version 0.48.0:
  * disable CPE match filtering based on target software component for java packages (#889)
  * Update grype bootstrap tools to latest versions. (#886)
  * fix getting latest gosimports version (#885)
  * workflow to create automated PRs to update bootstrap tools (#883)
  * Add s390x build support (#720)
  * fix: only show distro warning if distro packages exist (#875)

-------------------------------------------------------------------
Wed Sep 07 05:33:41 UTC 2022 - kastl@b1-systems.de

- Update to version 0.47.0:
  * Update Syft to v0.54.0 (#881)
  * Update README.md (#871)
  * Update README.md (#868)

-------------------------------------------------------------------
Wed Sep 07 05:30:47 UTC 2022 - kastl@b1-systems.de

- Update to version 0.46.0:
  * test: rm mustConst since unused (#860)
  * Update Syft to v0.53.4 (#856)
  * feat: enrich db check cmd feedback (#853)
  * update syft version location for Makefile (#865)

-------------------------------------------------------------------
Wed Sep 07 05:28:51 UTC 2022 - kastl@b1-systems.de

- Update to version 0.45.0:
  * remove env variable dependencies and keychain from signing script (#864)
  * macos-latest for signing (#863)
  * move docker release into separate release workflow (#862)
  * revert to old docker action (#861)
  * additional readOptions added per 855 (#857)
  * Ensure database access is readonly (#854)
  * push older version for mac runner stability (#852)
  * bump bouncer to v0.4.0 (#851)
  * feat: simple input case to request vulnerability data via purl (#795)
  * update golangci-lint, goreleaser, cosign (#850)
  * fix: db diff default has flipped base/target url (#845)

-------------------------------------------------------------------
Tue Jul 26 11:28:54 UTC 2022 - kastl@b1-systems.de

- Update to version 0.44.0:
  * add env variables and keychain for GHCR publish (#843)
  * update grype to use syft v0.52.0 (#838)
  * add debug distroless image to published images (#835)
  * add new line for help block (#834)
  * add Gentoo matching support (#813)
  * feat: add filtering support using target software field in cpe (#810)

-------------------------------------------------------------------
Tue Jul 19 08:19:48 UTC 2022 - kastl@b1-systems.de

- Update to version 0.43.0:
  * Add new matcher files for golang => remove main module FP matches (#829)
  * Fix a cyclonedxvex typo and fix the schema document from (#830)
  * feat: add --only-notfixed flag (#828)
  * add DBCloser. Clients can avoid db connection leak if vulnerability db is loaded many times (#825)

-------------------------------------------------------------------
Sat Jul 16 19:00:16 UTC 2022 - kastl@b1-systems.de

- Update to version 0.42.0:
  * bump syft version to v0.51.0 (#822)
  * feat: implement `grype db diff` command (#812)
  * fix typo in log message (#819)

-------------------------------------------------------------------
Wed Jul 06 18:11:46 UTC 2022 - kastl@b1-systems.de

- Update to version 0.41.0:
  * update syft to v0.50.0 (#818)
  * Finalize v4 Grype schema (#803)
  * docs: update to include rust (#814)
  * feat: add diffing 2 databases to v3 store functionality (#789)
  * fix: add support for partybus ui on `grype db update` cmd (#806)
  * Added Docker example to Readme (#769)
  * fix: add vex json & xml to listed formats (#802)
  * docs: update php listing to be more clear that the `.json` file isn't indexed (#808)

-------------------------------------------------------------------
Mon Jun 27 13:20:36 UTC 2022 - kastl@b1-systems.de

- Update to version 0.40.1:
  * update syft => v0.49.0 (#804)
  * remove oss meetup message (#799)
  * fix: add fixed versions to cyclonedxjson output (#763)
  * docs: update to include php (#793)

-------------------------------------------------------------------
Wed Jun 22 08:33:50 UTC 2022 - kastl@b1-systems.de

- Update to version 0.40.0:
  * update grype to latest syft patch v0.48.1 (#790)
  * fix: add golang to documentation (#788)
  * fix: accept templates with custom functions (#786)
  * add db staleness check (#785)
  * feat: add compose workflow for local dev (#783)
  * ignore gemfile rich version for semVer comparison (#776)
  * Support namespace and language as additional criteria for ignoring vulnerability matches (#780)

-------------------------------------------------------------------
Wed Jun 22 08:19:33 UTC 2022 - kastl@b1-systems.de

- Update to version 0.39.0:
  * update syft version to v0.47.0 (#781)
  * use anchore fork of glebarez/sqlite (#778)
  * template: Check sanity for template file (#674)
  * Add announcement for Anchore OSS Meetup (#775)
  * Bump github.com/hashicorp/go-getter from 1.5.11 to 1.6.1 (#770)
  * publish release to reduce user friction (#766)
  * Update Syft to v0.46.3 (#761)
  * Add reference to logrus logging levels (#758)
  * README: add MacPorts install info (#759)

-------------------------------------------------------------------
Mon Jun  6 19:46:12 UTC 2022 - Johannes Kastl <kastl@b1-systems.de>

- new package grype at version 0.38.0: A vulnerability scanner for container images and filesystems