Added Features
- duplicate RHSAs to all applicable RHEL minor versions [PR #3542 @willmurphyscode]
- add chainguard osv transformer [PR #3474 @crosleyzack]
- populate package architecture for matching [PR #3504 @willmurphyscode]
- lightweight reachability analysis to reduce Golang false positives [Issue #2960] [PR #3509 @spiffcs]
- Deduplicate Go matches that are aliases of each other (same CVE reported under both a
govulndbGO-* ID and its GHSA) [Issue #3511] [PR #3509 @spiffcs] - Support Ubuntu ESM [Issue #3544] [PR #3546 @wagoodman]
Bug Fixes
- regenerate v6.1.8 blob and sql schemas [PR #3574 @spiffcs]
- rhel version streams [PR #3572 @kzantow]
- Grype doesn't match u-boot in SBOM if type is set to firmware [Issue #2537]
- Ignore Go compiler affecting CVE when Docker image only contains a binary compiled with Go [Issue #1782]
- Zarf scans emit warnings for consistently unreadable files (i.e., included non-SBOMs) [Issue #3516] [PR #3545 @brandtkeller]
- Fail parsing github actions [Issue #3220]
- Go vulnerability returned when installed version is greater than fixed version [Issue #3520]
Dependencies
14 dependency changes (11 updated, 3 added).
Updated (11 packages)
v0.1.0 → v0.2.0
v1.46.0 → v1.48.0
v1.18.6 → v1.19.0
v0.38.0 → v0.39.0
v0.46.0 → v0.47.0
v1.31.1 → v1.31.2
v4.28.2 → v4.28.4
v4.34.0 → v4.34.4
v3.1.2 → v3.1.3
v1.72.3 → v1.73.4
v1.51.0 → v1.53.0
Added (3 packages)
v1.14.23
v1.6.0
v1.0.1