Celebrating Issue #561
Previously, when we ran grype on an image, we could get the list of vulnerabilities, but we could not easily tell where they were coming from, in other words the "type" of the vulnerable package (deb, java, ...) and the file it was found in:
See the previous demo for more about the data that was already available for vulnerabilities:
About Java Bytecode, native binaries & security (short Grype benchmark)
adriens for opt-nc · Apr 7 '22 · 2 min read
The new feature
Fortunately, the fix for the following issue has shipped in the latest grype release, v0.35.0:
Indicate location of vulnerability #561
What would you like to be added: Add library location and software dependency on scan output.
Why is this needed: The grype output only indicates the library/package. However it doesn't give a reference to where it's hosted and which software might have installed it. This info is needed for vulnerability mitigation.
Additional context:
To get it:
brew install grype
To upgrade it:
brew upgrade grype
Demo
Now let's see what the output looks like with this release:
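Since the screenshot of the new output is not reproduced here, the following is an added example (not code from the original post or from the grype project) that post-processes a grype JSON report to list every finding under the file path the vulnerable package was found in, together with its package type. The sample report is constructed by hand, and its field names are assumed to follow the shape of grype's `-o json` output.

```python
"""Group grype JSON findings by the file path that introduced each package.

Added example, not part of the original post. SAMPLE_REPORT is a constructed
report; its field names (matches[].vulnerability, matches[].artifact.locations)
are assumed to follow grype's `-o json` schema.
"""
import json
from collections import defaultdict

# Constructed sample in the shape of `grype <image> -o json` (trimmed).
# The CVE ids are placeholders, not real advisories.
SAMPLE_REPORT = json.dumps({
    "matches": [
        {"vulnerability": {"id": "CVE-0000-0001", "severity": "High"},
         "artifact": {"name": "libexample", "version": "1.0", "type": "deb",
                      "locations": [{"path": "/var/lib/dpkg/status"}]}},
        {"vulnerability": {"id": "CVE-0000-0002", "severity": "Medium"},
         "artifact": {"name": "example-core", "version": "2.3", "type": "java-archive",
                      "locations": [{"path": "/app/lib/example-core-2.3.jar"}]}},
        {"vulnerability": {"id": "CVE-0000-0003", "severity": "Low"},
         "artifact": {"name": "example-core", "version": "2.3", "type": "java-archive",
                      "locations": [{"path": "/app/lib/example-core-2.3.jar"}]}},
    ]
})


def findings_by_location(report_json):
    """Return {path: [(vuln_id, severity, "name@version", package_type), ...]}."""
    report = json.loads(report_json)
    by_path = defaultdict(list)
    for match in report.get("matches", []):
        vuln = match["vulnerability"]
        art = match["artifact"]
        # A package may be evidenced by several files; attribute it to each one.
        for loc in art.get("locations") or [{"path": "<unknown>"}]:
            by_path[loc.get("path", "<unknown>")].append(
                (vuln["id"], vuln["severity"], f'{art["name"]}@{art["version"]}', art["type"]))
    return dict(by_path)


def summarize(report_json):
    """Human-readable summary: which file each vulnerable package comes from."""
    lines = []
    for path, items in sorted(findings_by_location(report_json).items()):
        lines.append(f"{path}  ({len(items)} finding(s))")
        for vuln_id, sev, pkg, ptype in items:
            lines.append(f"  {sev:<8} {vuln_id:<16} {pkg} [{ptype}]")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```

Pipe a real report in with `grype <image> -o json` and call `summarize` on its text to get the same per-file view.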
Shift Left considerations
From now on, programmers can easily be aware of any security flaw during the development phase itself, on their own workstation.