adriens for opt-nc


💉 Grype 0.35.0 new feature: Indicate location of vulnerability

Celebrating Issue #561

Previously, when running grype on an image, we could get the vulnerabilities

... but we could not easily tell where they were coming from.

In other words, its "type" (deb, java, ...):


See the previous demo for more about the vulnerability data that was previously available:

The new feature

Fortunately, the following issue has shipped in the latest grype release, v0.35.0:

Indicate location of vulnerability #561

What would you like to be added: Add library location and software dependency on scan output.

Why is this needed: The grype output only indicates the library/package. However, it doesn't give a reference to where it's hosted and which software might have installed it. This info is needed for vulnerability mitigation.

Additional context:

To get it:

brew install grype

To upgrade it:

brew upgrade grype

🎞️ Demo

Now let's see what it looks like:

⬅️ Shift Left considerations

From now on, programmers can easily become aware of any security flaw during the development phase itself, on their own workstation.
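To act on a finding, you need to know which package type and which file it came from. The script below is an added example, not code from the original post or the grype project: it groups a grype JSON report by package type and file location. It assumes the report layout `matches[].artifact.type` and `matches[].artifact.locations[].path` as written by `grype <image> -o json`; the sample report and its identifiers are constructed placeholders.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `grype <image> -o json` output (trimmed to
# the fields used here); package names, versions and IDs are placeholders.
SAMPLE_REPORT = json.dumps({
    "matches": [
        {"vulnerability": {"id": "CVE-0000-0001", "severity": "High"},
         "artifact": {"name": "libexample", "version": "1.0-1", "type": "deb",
                      "locations": [{"path": "/var/lib/dpkg/status"}]}},
        {"vulnerability": {"id": "CVE-0000-0002", "severity": "Critical"},
         "artifact": {"name": "example-core", "version": "2.3.0", "type": "java-archive",
                      "locations": [{"path": "/app/lib/example-core-2.3.0.jar"}]}},
        {"vulnerability": {"id": "CVE-0000-0003", "severity": "Low"},
         "artifact": {"name": "example-core", "version": "2.3.0", "type": "java-archive",
                      "locations": [{"path": "/app/lib/example-core-2.3.0.jar"}]}},
        {"vulnerability": {"id": "CVE-0000-0004", "severity": "Medium"},
         "artifact": {"name": "nolocation", "version": "0.1", "type": "python"}},
    ]
})

SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "Negligible": 4}

def group_by_origin(report_json):
    """Map (package type, file path) -> findings sorted by severity."""
    groups = defaultdict(list)
    for match in json.loads(report_json).get("matches", []):
        artifact = match.get("artifact", {})
        vuln = match.get("vulnerability", {})
        # A match may list several locations, or none at all.
        paths = [loc.get("path", "<unknown>") for loc in artifact.get("locations") or []]
        for path in paths or ["<unknown>"]:
            groups[(artifact.get("type", "<unknown>"), path)].append(
                (vuln.get("severity", "Unknown"), vuln.get("id"),
                 f'{artifact.get("name")}@{artifact.get("version")}'))
    for findings in groups.values():
        findings.sort(key=lambda f: (SEVERITY_RANK.get(f[0], 5), f[1]))
    return dict(groups)

def worst_severity(findings):
    """Findings are pre-sorted, so the first entry is the most severe."""
    return findings[0][0]

if __name__ == "__main__":
    for (pkg_type, path), findings in sorted(group_by_origin(SAMPLE_REPORT).items()):
        print(f"[{pkg_type}] {path} (worst: {worst_severity(findings)})")
        for severity, vuln_id, package in findings:
            print(f"    {severity:<10} {vuln_id}  {package}")
```

To use it on a real scan, pass the contents of a saved JSON report to `group_by_origin` instead of `SAMPLE_REPORT`.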
