Hi,
I"m just wondering why this CVE isn’t in the DB yet? it was release more than 10 days ago and the grype db has been updated since then
Can anyone explain please?
Hi,
I"m just wondering why this CVE isn’t in the DB yet? it was release more than 10 days ago and the grype db has been updated since then
Can anyone explain please?
you can use the command
grype db search CVE-2024-7646
and you will find it exists
the command is available from grype version v0.80.0
Hi @Gradge,
Is there a scan where you were expecting to find this CVE matched by grype? Can you tell me a little more about what you were expecting to find?
The NVD record is currently awaiting analysis. It is included in Grype DB because Anchore has added CPEs for it to our own records, since NVD hasn’t analyzed it yet.
Sorry i forgot i was using a cached DB once it was updated i saw the CVE was there, no it wasn’t part of a scan so right now there is no issue.
False alarm
But i was wondering how does Grype handle cases where there is no NVD confirmation so thanks for answering that too @willmurphy