1 Release published by 1 person

• v0.89.1

  published Mar 13, 2025

3 Pull requests merged by 2 people

• fix: populate vulnerability.Metadata.DataSource with first reference URL

  #2523 merged Mar 11, 2025

• fix(java): Ensure fatal error from maven search bubbles up

  #2518 merged Mar 10, 2025

• fix: exclude self from related vulnerability list

  #2515 merged Mar 7, 2025

4 Pull requests opened by 3 people

• chore(deps): update tools to latest versions

  #2512 opened Mar 7, 2025

• chore(deps): bump github/codeql-action from 3.28.10 to 3.28.11

  #2519 opened Mar 10, 2025

• chore(deps): bump github.com/charmbracelet/lipgloss from 1.0.0 to 1.1.0

  #2525 opened Mar 13, 2025

• chore: attach snapshot build artifacts to each workflow

  #2526 opened Mar 13, 2025

6 Issues closed by 5 people

• False positives for github.com/hashicorp/consul: Installed version reported as v0.0.0

  #1863 closed Mar 12, 2025

• False negative: PostgreSQL official images lack PostgreSQL-specific vulnerabilities

  #2524 closed Mar 12, 2025

• Split DB v6 Curator object

  #2127 closed Mar 11, 2025

• Source URLs missing/broken in output with latest release

  #2520 closed Mar 11, 2025

• adding timestamps values for CVEs

  #2522 closed Mar 11, 2025

• Grype results set a vulnerability as its own related vulnerability

  #2514 closed Mar 7, 2025

4 Issues opened by 4 people

• Posible false positive detection - CVE-2022-1271 - gzip - Ubuntu 22.04

  #2527 opened Mar 13, 2025

• Match vulnerabilities by distro name when no version specified

  #2521 opened Mar 10, 2025

• Grype can't update DB in docker volume (regression)

  #2517 opened Mar 8, 2025

• Latest version of grype with V6 schema lists incorrect URL for v6 database

  #2513 opened Mar 7, 2025

7 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Does not fill in the Level field of the SARIF result object

  #2511 commented on Mar 7, 2025 • 0 new comments

• Add published field in output

  #2489 commented on Mar 11, 2025 • 0 new comments

• Provide the default template under the templates path

  #2171 commented on Mar 12, 2025 • 0 new comments

• Allow for scanning multiple scan targets at once

  #1259 commented on Mar 12, 2025 • 0 new comments

• CVE-2024-53104 (Redhat 9.4)

  #2446 commented on Mar 13, 2025 • 0 new comments

• Make timestamp in output configurable (so that results are more reproducible)

  #522 commented on Mar 13, 2025 • 0 new comments

• Add support for the Mageia distro

  #2449 commented on Mar 11, 2025 • 0 new comments