Changelog

Updates

• Update to latest syft for faster indexing and SBOM generation when consuming source and not using the SBOM as an input

Full Changelog

Bug Fixes

• regression: Grype 0.54.0 does not find vulnerabilities in Nodejs runtime itself anymore [Issue #1043]

Additional Changes

• bump yardstick to 2d30ea7429d0a59020e0176bba1b3b6b8b01b08a [PR #1095] [wagoodman]
• chore: prune cosign dependency for grype builds [PR #1100] [spiffcs]
• chore: bump yardstick for better quality gate filtering [PR #1101] [westonsteimel]
• chore: add new images to quality gate [PR #1106] [westonsteimel]
• fix: exclude OS packages from CPE target filtering [PR #1130] [westonsteimel]
• fix: ignore some false-positives for ruby gems [PR #1132] [westonsteimel]