Skip to content
Release history
grype releases
A vulnerability scanner for container images and filesystems
Monitor
v0.113.0
New feature
·
Crypto / TLS
Ubuntu 26.04 + Hummingbird filter + TLS/HTTP warnings
v0.112.0
New feature
·
Notable features
- Ignore rules expanded to owned sub packages of distro packages
Full changelog
Added Features
- Expand ignore rules to owned sub packages of distro packages [#3368 #3326 @kzantow]
Additional Changes
- update anchore dependencies [#3391 @anchore-oss-update-bot]
(Full Changelog)
v0.111.1
Bug fix
·
Fixed vulnerability relationship matching, SARIF output helpURI, and Debian component recognition.
Full changelog
Bug Fixes
- apply overlap by ownership removal to dynamically created relationships [#3363 @kzantow]
- compare mismatched package / db versions [#3372 @kzantow]
- Grype doesn't recognize debian component when
"group" : "debian" is specified [#2967]
- HelpURI missing information in SARIF output [#2874 #3351 @will-bates11]
(Full Changelog)
v0.111.0
New feature
·
Notable features
- db diff for v6
- add ProvideFromReader for in-memory SBOM processing
- CSAF vex transformer
v0.110.0
New feature
·
Notable features
- suppress GHSA matches on language packages in fixed APKs
- use Syft for decoding CPEs
v0.109.1
Security relevant
·
Security fixes
- CVE-2025-12183 not detected in vulnerable jars
v0.109.0
New feature
·
Notable features
- Strip v prefix from apk versions
- Port grype-db library to grype
v0.108.0
New feature
·
Notable features
- Enable disabling EOL warnings
- VEX Documents support with syft sbom
- Improved VEX product and subcomponent matching
v0.107.1
Bug fix
·
Minor fixes and improvements.
Full changelog
Additional Changes
- support context cancellation while finding vuln matches [#3200 @luhring]
(Full Changelog)
v0.107.0
New feature
·
Notable features
- Hex matcher for Erlang/Elixir ecosystem
- Improved VEX document registry matching
Full changelog
Added Features
- Add secureos distro [#3086 @divolgin]
- add hex matcher for Erlang/Elixir ecosystem [#3194 @willmurphyscode]
Bug Fixes
- disable version fallback in EOL query [#3195 @willmurphyscode]
- VEX documents with docker.io registry reference not matching, require index.docker.io instead [#2818 #3172 @jainlakshya]
(Full Changelog)
v0.106.0
New feature
·
Notable features
- warn about packages from EOL distros
- make it configurable what grype assumes for missing dpkg/RPM epoch
v0.105.0
New feature
·
Full changelog
Added Features
- Add archlinux matcher to grype [#3154 @willmurphyscode]
(Full Changelog)
v0.104.4
Bug fix
·
Minor fixes and improvements.
Search tools, categories, lists, and users
Use ↑↓ to navigate, Enter to open, Esc to close
No results for ""
⌘K to open
↑↓ navigate
⏎ open