adriens for opt-nc

Posted on Jun 24, 2022

📢 Grype v0.40.1 released and php support

#docker #security #devops #php

🗞️ News

Grype has just released an excitin version as it embeds the following issue :

Include php in Grype supported languages #792

cpendery posted on Jun 17, 2022

What would you like to be added: php, via composer, should be listed in Grype's supported languages

Why is this needed: Composer is a namespace under Github in the Grype databases as early as May

Additional context:

View on GitHub

🍿 News and upgrade demo

Top comments (4)

adriens opt-nc • Jun 24 '22

Adrien SALES

@rastadidi

📢 @anchore @GrypeProject v0.40.1 is released... and does now support #php @packagist 🛡️
🗞️ Get the short news 👇
dev.to/optnc/grype-v0…
#DevOps #devsecops #security #Docker #k8s #Kubernetes #infosec #Website

23:07 PM - 24 Jun 2022

adriens opt-nc • Jun 25 '22

... and coming to the scan action :

Update Grype to v0.40.1 #180

anchore-actions-token-generator[bot] posted on Jun 25, 2022

Update Grype to v0.40.1

View on GitHub

adriens opt-nc • Jun 27 '22

Released to the Scan Action, check merged PR below :

Update Grype to v0.40.1 #180

anchore-actions-token-generator[bot] posted on Jun 25, 2022

Update Grype to v0.40.1

View on GitHub

adriens opt-nc • Jun 27 '22

Not finding vulnerabilities in php (composer) #797

josecoimbra posted on Jun 23, 2022

What happened: Using grype as usual with a php (composer) project: grype dir:. produces an empty list of vulnerabilities.

What you expected to happen: A list of vulnerabilities.

How to reproduce it (as minimally and precisely as possible): I tried with this project, which is a composer project, and grype found no vulnerabilities. Even checking out tags of older versions.

Environment:

Output of grype version:

$ grype version Application: grype Version: 0.40.0 Syft Version: v0.48.1 BuildDate: 2022-06-17T16:15:24Z GitCommit: 0703bae9778e661e2cc21d5caa816cda30472b14 GitDescription: v0.40.0 Platform: linux/amd64 GoVersion: go1.18.3 Compiler: gc Supported DB Schema: 3

OS (e.g: cat /etc/os-release or similar):

$ cat /etc/os-release PRETTY_NAME="Ubuntu 21.10" NAME="Ubuntu" VERSION_ID="21.10" VERSION="21.10 (Impish Indri)" VERSION_CODENAME=impish ID=ubuntu ID_LIKE=debian HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" UBUNTU_CODENAME=impish

View on GitHub