Mirrors/grype
2
0
Fork 0
mirror of https://github.com/anchore/grype synced 2024-11-10 06:34:13 +00:00
Code Issues Projects Releases Packages Wiki Activity

fix: main mod pseudo version default off (#1894)

Browse source 
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
This commit is contained in:
Dan Luhring 2024-05-30 13:59:00 -04:00 committed by GitHub
parent 46865680f5
commit 316c0e9a11
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
README.md
View file

@ -855,7 +855,8 @@ match:
using-cpes: false
# even if CPE matching is disabled, make an exception when scanning for "stdlib".
always-use-cpe-for-stdlib: true
allow-main-module-pseudo-version-comparison: true
# allow main module pseudo versions, which may have only been "guessed at" by Syft, to be used in vulnerability matching
allow-main-module-pseudo-version-comparison: false
stock:
using-cpes: true
```

2
cmd/grype/cli/options/match.go
View file

@ -34,7 +34,7 @@ func defaultGolangConfig() golangConfig {
UseCPEs: false,
},
AlwaysUseCPEForStdlib: true,
AllowMainModulePseudoVersionComparison: true,
AllowMainModulePseudoVersionComparison: false,
}
}