Changelog
Updates
- Update to latest syft for faster indexing and SBOM generation when consuming source and not using the SBOM as an input
Bug Fixes
- regression: Grype 0.54.0 does not find vulnerabilities in Nodejs runtime itself anymore [Issue #1043]
Additional Changes
- bump yardstick to 2d30ea7429d0a59020e0176bba1b3b6b8b01b08a [PR #1095] [wagoodman]
- chore: prune cosign dependency for grype builds [PR #1100] [spiffcs]
- chore: bump yardstick for better quality gate filtering [PR #1101] [westonsteimel]
- chore: add new images to quality gate [PR #1106] [westonsteimel]
- fix: exclude OS packages from CPE target filtering [PR #1130] [westonsteimel]
- fix: ignore some false-positives for ruby gems [PR #1132] [westonsteimel]