Anchore Open Source Weekly Report
This report covers the community activity in Anchore Open Source Projects from July 7, 2025 to July 13, 2025.
Executive Summary
The Anchore Open Source team had a focused week with 13 issues and pull requests resolved across Syft and Grype. Community engagement was strong with multiple bug reports leading to quick fixes, particularly around EPSS scoring display and Go module compatibility issues. The team delivered significant enhancements including RHEL EUS detection support in Syft and improved EPSS score presentation in Grype’s output.
Weekly Metrics
Metric | Community | Staff | Total |
---|---|---|---|
Issues Closed | 5 | 0 | 5 |
Pull Requests Merged | 2 | 6 | 8 |
Bug Fixes | 3 | 3 | 6 |
Enhancements | 2 | 2 | 4 |
Documentation Updates | 1 | 0 | 1 |
Performance Improvements | 0 | 1 | 1 |
Other | 0 | 1 | 1 |
Key Achievements
1. EPSS Scoring Display Improvements in Grype
Community member Jason Culligan (huornlmj) reported an important issue (#2778) about Grype showing EPSS percentiles instead of the more useful probability scores. Alex Goodman quickly responded with PR #2785 to show both EPSS score and percentile in table output, aligning with EPSS best practices for displaying vulnerability exploit prediction data. This enhancement makes Grype’s vulnerability output more actionable for security teams.
2. RHEL EUS Detection Added to Syft
Keith Zantow delivered PR #4023 adding support for Red Hat Enterprise Linux Extended Update Support (EUS) detection. This enhancement improves Syft’s ability to accurately identify RHEL EUS distributions, enabling more precise vulnerability detection for enterprise environments running extended support versions of RHEL.
3. Go Module Compatibility Issues Resolved
Community contributor Štefan Baebler identified and fixed a critical issue (#2777) where obsolete redirect directives in Grype’s go.mod file were breaking `go run` and `go install` commands. The fix was delivered in PR #2780, restoring proper Go toolchain compatibility for developers building Grype from source.
4. Database URL Listing Issue Resolved
A long-standing issue reported by Philip Roche (#2513) regarding incorrect database URLs in `grype db list` output was resolved. The fix ensures that the displayed database URLs are valid and accessible, improving the user experience when managing vulnerability databases.
5. Performance Optimization for Database Operations
Will Murphy contributed performance improvements in PR #2793, implementing memory-saving pragmas before database vacuum operations. This enhancement reduces memory usage during database maintenance operations, particularly beneficial for users running Grype in resource-constrained environments.
Community Contributions
The Anchore team continues to benefit from active community engagement:
- Jason Culligan provided detailed feedback on EPSS implementation, leading to improved vulnerability scoring display
- Štefan Baebler identified and fixed Go module compatibility issues affecting developer workflows
- Philip Roche helped confirm resolution of database URL listing problems
- bytetigers contributed documentation improvements by fixing comment issues
Note: This report is based on issues and pull requests closed during July 7-13, 2025. Additional work is ongoing in open issues and pull requests not covered in this report.
Want to get involved? Visit anchore.com/opensource to learn how you can contribute to Anchore’s open source projects!