Mirrors/grype
2
0
Fork 0
mirror of https://github.com/anchore/grype synced 2024-11-10 06:34:13 +00:00
Code Issues Projects Releases Packages Wiki Activity

note supported versions of grype (#1458)

Browse source 
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
This commit is contained in:
Alex Goodman 2023-08-24 15:31:09 -04:00 committed by GitHub
parent 0fd0c56d9a
commit f0f8454c3e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
README.md
View file

@ -167,6 +167,13 @@ use the `--distro <distro>:<version>` flag. A full example is:
grype --add-cpes-if-none --distro alpine:3.10 sbom:some-apline-3.10.spdx.json
```
### Supported versions
Any version of Grype before v0.40.1 is not supported. Unsupported releases will not receive any software updates or
vulnerability database updates. You can still build vulnerability databases for unsupported Grype releases by using previous
releases of [vunnel](https://github.com/anchore/vunnel) to gather the upstream data and [grype-db](https://github.com/anchore/grype-db)
to build databases for unsupported schemas.
### Working with attestations
Grype supports scanning SBOMs as input via stdin. Users can use [cosign](https://github.com/sigstore/cosign) to verify attestations
with an SBOM as its content to scan an image for vulnerabilities: