
Comparing changes

base repository: anchore/grype
base: v0.101.0
...
head repository: anchore/grype
compare: main
  • 10 commits
  • 20 files changed
  • 7 contributors

Commits on Oct 16, 2025

  1. chore(deps): update tools to latest versions (#3003)

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
    Co-authored-by: westonsteimel <[email protected]>
    1efded8
  2. chore(deps): update anchore dependencies (#3005)

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
    Co-authored-by: willmurphyscode <[email protected]>
    dccc91b
  3. chore(deps): bump anchore/sbom-action from 0.20.6 to 0.20.8 (#3006)

    Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.20.6 to 0.20.8.
    - [Release notes](https://github.com/anchore/sbom-action/releases)
    - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
    - [Commits](anchore/sbom-action@f8bdd1d...aa0e114)
    
    ---
    updated-dependencies:
    - dependency-name: anchore/sbom-action
      dependency-version: 0.20.8
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Oct 16, 2025
    d6bc728
  4. feat: add markdown template (#2987)

    * Add markdown template
    
    Add markdown template for displaying vulnerabilities.
    
    Signed-off-by: Sebastian <[email protected]>
    
    * Add more data to Vulnerability Report
    
    Signed-off-by: Sebastian <[email protected]>
    
    ---------
    
    Signed-off-by: Sebastian <[email protected]>
    sebdanielsson authored Oct 16, 2025
    d949ea5

Commits on Oct 20, 2025

  1. chore(deps): bump sigstore/cosign-installer from 3.10.0 to 4.0.0 (#3007)

    Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.10.0 to 4.0.0.
    - [Release notes](https://github.com/sigstore/cosign-installer/releases)
    - [Commits](sigstore/cosign-installer@d7543c9...faadad0)
    
    ---
    updated-dependencies:
    - dependency-name: sigstore/cosign-installer
      dependency-version: 4.0.0
      dependency-type: direct:production
      update-type: version-update:semver-major
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Oct 20, 2025
    9aaa411

Commits on Oct 21, 2025

  1. feat: use AlmaLinux advisories for fix info in RPM matcher (#2939)

    Previously, the RPM matcher assumed that an AlmaLinux system had identical
    vulnerability information to a RHEL system. However, AlmaLinux has its own set
    of advisories that may differ from RHEL. In order to address this gap, when
    AlmaLinux data is available and the distro is identified as AlmaLinux, the RPM
    matcher will consider Red Hat disclosures, but consider fix information from
    AlmaLinux advisories.
    
    This change is specifically meant to address the class of false positives where
    AlmaLinux advisories have a lower fix version than RHEL advisories for the same
    CVE, especially in cases where Alma patches a lower upstream than Red Hat, or
    cases where the RPM version contains a module build number, since AlmaLinux
    module build numbers are typically lower than RHEL ones.
    
    Signed-off-by: Will Murphy <[email protected]>
    Co-authored-by: Alex Goodman <[email protected]>
    willmurphyscode and wagoodman authored Oct 21, 2025
    ea9d52d

Commits on Oct 22, 2025

  1. chore(deps): bump github/codeql-action from 4.30.8 to 4.30.9 (#3008)

    Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.30.8 to 4.30.9.
    - [Release notes](https://github.com/github/codeql-action/releases)
    - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
    - [Commits](github/codeql-action@f443b60...16140ae)
    
    ---
    updated-dependencies:
    - dependency-name: github/codeql-action
      dependency-version: 4.30.9
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Oct 22, 2025
    9e4664d
  2. chore(deps): update tools to latest versions (#3009)

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
    Co-authored-by: westonsteimel <[email protected]>
    58c144c
  3. chore(deps): update anchore dependencies (#3010)

    * chore(deps): update anchore dependencies
    
    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
    
    * test: cover new Python PDM lock entry metadata
    
    Signed-off-by: Will Murphy <[email protected]>
    
    ---------
    
    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
    Signed-off-by: Will Murphy <[email protected]>
    Co-authored-by: willmurphyscode <[email protected]>
    Co-authored-by: Will Murphy <[email protected]>
    3 people authored Oct 22, 2025
    ad9579a

Commits on Oct 23, 2025

  1. chore(deps): bump anchore/sbom-action from 0.20.8 to 0.20.9 (#3012)

    Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.20.8 to 0.20.9.
    - [Release notes](https://github.com/anchore/sbom-action/releases)
    - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
    - [Commits](anchore/sbom-action@aa0e114...8e94d75)
    
    ---
    updated-dependencies:
    - dependency-name: anchore/sbom-action
      dependency-version: 0.20.9
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Oct 23, 2025
    ab01450