Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The logs showed 4 vulnerabilities, but the final report only had 2. #1360

Closed
lyzhang1999 opened this issue Jun 24, 2023 · 3 comments
Closed

The logs showed 4 vulnerabilities, but the final report only had 2. #1360

lyzhang1999 opened this issue Jun 24, 2023 · 3 comments
Labels
bug Something isn't working

Comments

@lyzhang1999
Copy link

What happened:
The logs showed 4 vulnerabilities, but the final report only had 2.
What you expected to happen:
report all 4 vulnerabilities
How to reproduce it (as minimally and precisely as possible):

Anything else we need to know?:

> grype sbom:./sbom.json
 ✔ Vulnerability DB        [no update available]
 ✔ Scanning image...       [4 vulnerabilities]
   ├── 0 critical, 3 high, 1 medium, 0 low, 0 negligible
   └── 0 fixed

NAME     INSTALLED  FIXED-IN  TYPE  VULNERABILITY   SEVERITY 
busybox  1.35.0                     CVE-2022-28391  High      
busybox  1.35.0                     CVE-2022-30065  High

Environment:

  • Output of grype version:0.63.0
  • OS (e.g: cat /etc/os-release or similar): macOS 13.4
@lyzhang1999 lyzhang1999 added the bug Something isn't working label Jun 24, 2023
@tgerla
Copy link
Contributor

tgerla commented Jun 24, 2023

Hi @lyzhang1999, could you attach the sbom.json file that shows this behavior, and we will take a look? Thank you!

@tgerla tgerla added this to OSS Jun 24, 2023
@tgerla tgerla moved this to Awaiting Response in OSS Jun 24, 2023
@tgerla
Copy link
Contributor

tgerla commented Jun 24, 2023

I believe this is the same issue as: #1312

@willmurphyscode
Copy link
Contributor

Hi @lyzhang1999, I believe this was fixed in Grype version 0.63.1, see https://github.com/anchore/grype/releases/tag/v0.63.1 which closed #1312. Please let us know if you're still facing this issue.

@github-project-automation github-project-automation bot moved this from Awaiting Response to Done in OSS Jul 11, 2023
@p-linnane p-linnane mentioned this issue Jul 13, 2023
Merged
This was referenced Jul 14, 2023
Closed
Closed
@dependabot dependabot bot mentioned this issue Jul 21, 2023
Closed
@dependabot dependabot bot mentioned this issue Jul 28, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
OSS
Archived in project
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tgerla @lyzhang1999 @willmurphyscode