winget install --id Anchore.GrypeAbout Grype
A vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Works with Syft, the powerful SBOM (software bill of materials) tool for container images and filesystems.
What's new in 0.112.0
Added Features - Expand ignore rules to owned sub packages of distro packages [#3368 #3326 @kzantow] Additional Changes - update anchore dependencies [#3391 @anchore-oss-update-bot] (Full Changelog)
Version history
| Version | Updated | Notes |
|---|---|---|
| 0.112.0 | Unknown | Added Features - Expand ignore rules to owned sub packages of distro packages [#3368 #3326 @kzantow] Additional Changes - update anchore dependencies [#3391 @anchore-oss-update-bot] (Full Changelog) |
| 0.111.1 | Unknown | Bug Fixes - apply overlap by ownership removal to dynamically created relationships [#3363 @kzantow] - compare mismatched package / db versions [#3372 @kzantow] - Grype doesn't recognize debian component when "group" : "... |
| 0.111.0 | Unknown | Added Features - db diff for v6 [#3277 @kzantow] - add ProvideFromReader for in-memory SBOM processing [#3344 @jspilman] - match on hummingbird [#3331 @willmurphyscode] - CSAF vex transformer [#3349 @willmurphyscode] - c... |
| 0.110.0 | Unknown | Added Features - suppress GHSA matches on language packages in fixed APKs [#3282 @willmurphyscode] Bug Fixes - use Syft for decoding CPEs [#3058 @chovanecadam] Additional Changes - bump github.com/buger/jsonparser to v1.... |
| 0.109.1 | Unknown | Bug Fixes - CVE-2025-12183 is not detected even if vulnerable jar is present [#3205] Additional Changes - migrate fixtures to testdata [#3263 @wagoodman] (Full Changelog) |
| 0.109.0 | Unknown | Added Features - Strip v prefix from apk versions [#3239 @wagoodman] Bug Fixes - missing EPSS/KEV should not be fatal error [#3224 @willmurphyscode] Additional Changes - update build flag to use provenance=false [#3243 @... |
| 0.108.0 | Unknown | Added Features - enable disabling EOL warnings [#3204 @willmurphyscode] Bug Fixes - fix fallback on major only distro [#3213 @willmurphyscode] - VEX Documents still not working with syft sbom [#3167] - VEX: minimal OpenV... |
| 0.107.1 | Unknown | Additional Changes - support context cancellation while finding vuln matches [#3200 @luhring] (Full Changelog) |
| 0.107.0 | Unknown | Added Features - Add secureos distro [#3086 @divolgin] - add hex matcher for Erlang/Elixir ecosystem [#3194 @willmurphyscode] Bug Fixes - disable version fallback in EOL query [#3195 @willmurphyscode] - VEX documents wit... |
| 0.106.0 | Unknown | Added Features - warn about packages from EOL distros [#3171 @willmurphyscode] - make it configurable what grype assumes when incoming package to grype is missing dpkg/RPM epoch [#2964 #2976 @willmurphyscode] Bug Fixes -... |
| 0.105.0 | Unknown | Added Features - Add archlinux matcher to grype [#3154 @willmurphyscode] (Full Changelog) |
| 0.104.4 | Unknown | Bug Fixes - preserve local version segment in constraints for PEP 440 comparison [#3146 @willmurphyscode] Additional Changes - correct help text for return code for fail-on severity option [#3138 @u-ways] (Full Changelog... |
| 0.104.3 | Unknown | Bug Fixes - Use specifier matching rules when comparing python versions [#3121 @wagoodman] (Full Changelog) |
| 0.104.2 | Unknown | Bug Fixes - Since version 0.104.0 shaded jars are not reported [#3098] - db search fails with misleading message (out of memory) when no db is present [#3049 #3077 @JvD-Ericsson] Additional Changes - replace os.Chdir wit... |
| 0.104.1 | Unknown | Bug Fixes - redact during file output [#3068 @kzantow] - Unaffected match table does not filter results if CPE matching is enabled [#3056 #3066 @kzantow] Additional Changes - migrate grype to use mholt/archives instead o... |
| 0.104.0 | Unknown | Added Features - Add --from flag [#3035 @wagoodman] - Let a suppression expire to prevent that one will forget to resolve a vulnerability [#3031] Bug Fixes - Unnormalized fix version triggers false-positive in mssql-jdbc... |
| 0.103.0 | Unknown | Added Features - Allow hyphen in version string [#3021 @willmurphyscode] - Respect rpmmod PURL qualifier [#3020 @willmurphyscode] (Full Changelog) |
| 0.102.0 | Unknown | Added Features - Use Alma Linux specific advisories for Alma Linux scans [#2745 #2939 @willmurphyscode] Bug Fixes - Bitnami packages with CPEs are not matched against CPE-based vulnerabilities [#2997] Additional Changes... |
| 0.101.1 | Unknown | Bug Fixes - Panic error scanning images with v0.101.0 on some java dependencies [#3002] (Full Changelog) |
| 0.101.0 | Unknown | Added Features - Add cyclonedx to RpmMetadata [#2935 @sfc-gh-rmaj] - grype db search can filter by fixed state [#2968 @willmurphyscode] - Support using VEX documents with directory scans and SBOMs [#2471 #2811 @alegrey91... |