DEV Community

Cover image for 📢 Grype v0.40.1 released and php support
opt-nc profile image adriens
adriens for opt-nc

Posted on

📢 Grype v0.40.1 released and php support

#docker #security #devops #php

🗞️ News

Grype has just released an excitin version as it embeds the following issue :

Include php in Grype supported languages #792

cpendery avatar
cpendery posted on

What would you like to be added: php, via composer, should be listed in Grype's supported languages

Why is this needed: Composer is a namespace under Github in the Grype databases as early as May

Additional context:

View on GitHub

🍿 News and upgrade demo

Top comments (4)

Collapse
 
adriens profile image
adriens

Not finding vulnerabilities in php (composer) #797

josecoimbra avatar
josecoimbra posted on

What happened: Using grype as usual with a php (composer) project: grype dir:. produces an empty list of vulnerabilities.

What you expected to happen: A list of vulnerabilities.

How to reproduce it (as minimally and precisely as possible): I tried with this project, which is a composer project, and grype found no vulnerabilities. Even checking out tags of older versions.

Environment:

  • Output of grype version:
$ grype version
Application:          grype
Version:              0.40.0
Syft Version:         v0.48.1
BuildDate:            2022-06-17T16:15:24Z
GitCommit:            0703bae9778e661e2cc21d5caa816cda30472b14
GitDescription:       v0.40.0
Platform:             linux/amd64
GoVersion:            go1.18.3
Compiler:             gc
Supported DB Schema:  3
  • OS (e.g: cat /etc/os-release or similar):
$ cat /etc/os-release 
PRETTY_NAME="Ubuntu 21.10"
NAME="Ubuntu"
VERSION_ID="21.10"
VERSION="21.10 (Impish Indri)"
VERSION_CODENAME=impish
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=impish
View on GitHub
Collapse
 
adriens profile image
adriens

Released to the Scan Action, check merged PR below :

Update Grype to v0.40.1 #180

anchore-actions-token-generator[bot] avatar
anchore-actions-token-generator[bot] posted on

Update Grype to v0.40.1

View on GitHub
Collapse
 
adriens profile image
adriens

... and coming to the scan action :

Update Grype to v0.40.1 #180

anchore-actions-token-generator[bot] avatar
anchore-actions-token-generator[bot] posted on

Update Grype to v0.40.1

View on GitHub
Collapse
 
adriens profile image
adriens

Read next

ninjasoards profile image

Setup a VPS on Hetzner Cloud

David Y Soards -

manethpak profile image

Hosting a simple docker-compose app with Nginx and generate a SSL with certbot on digitalocean droplet

Pak Maneth -

mwendwatechie profile image

API GOVERNANCE CHECKLIST FOR MANAGERS IN 2024

Mwendwa -

vmihailenco profile image

Uptrace v1.6 is available

Vladimir Mihailenco -