DEV Community

Cover image for 📢 Grype v0.40.1 released and php support
opt-nc profile image adriens
adriens for opt-nc

Posted on

📢 Grype v0.40.1 released and php support

#docker #security #devops #php

🗞️ News

Grype has just released an excitin version as it embeds the following issue :

Include php in Grype supported languages #792

cpendery avatar
cpendery posted on

What would you like to be added: php, via composer, should be listed in Grype's supported languages

Why is this needed: Composer is a namespace under Github in the Grype databases as early as May

Additional context:

View on GitHub

🍿 News and upgrade demo

Top comments (4)

Collapse
 
adriens profile image
adriens

Not finding vulnerabilities in php (composer) #797

josecoimbra avatar
josecoimbra posted on

What happened: Using grype as usual with a php (composer) project: grype dir:. produces an empty list of vulnerabilities.

What you expected to happen: A list of vulnerabilities.

How to reproduce it (as minimally and precisely as possible): I tried with this project, which is a composer project, and grype found no vulnerabilities. Even checking out tags of older versions.

Environment:

  • Output of grype version:
$ grype version
Application:          grype
Version:              0.40.0
Syft Version:         v0.48.1
BuildDate:            2022-06-17T16:15:24Z
GitCommit:            0703bae9778e661e2cc21d5caa816cda30472b14
GitDescription:       v0.40.0
Platform:             linux/amd64
GoVersion:            go1.18.3
Compiler:             gc
Supported DB Schema:  3
  • OS (e.g: cat /etc/os-release or similar):
$ cat /etc/os-release 
PRETTY_NAME="Ubuntu 21.10"
NAME="Ubuntu"
VERSION_ID="21.10"
VERSION="21.10 (Impish Indri)"
VERSION_CODENAME=impish
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=impish
View on GitHub
Collapse
 
adriens profile image
adriens

Released to the Scan Action, check merged PR below :

Update Grype to v0.40.1 #180

anchore-actions-token-generator[bot] avatar
anchore-actions-token-generator[bot] posted on

Update Grype to v0.40.1

View on GitHub
Collapse
 
adriens profile image
adriens

... and coming to the scan action :

Update Grype to v0.40.1 #180

anchore-actions-token-generator[bot] avatar
anchore-actions-token-generator[bot] posted on

Update Grype to v0.40.1

View on GitHub
Collapse
 
adriens profile image
adriens

Read next

uthman_ehsan_23f3a68c03d7 profile image

405 Error Laravel Sanctum

Uthman Ehsan -

scofieldidehen profile image

Who is a Hacker?

Scofield Idehen -

ng_dream_3e53e6a868268e4d profile image

Running a Project Without Installing Dependencies

ngdream -

yayabobi profile image

Top 10 Code Security Tools

yayabobi -