Help shape the future of Grype! Share your thoughts in our quick 5-question survey. Your feedback will guide our development priorities and help us better serve your needs. Thank you! 
Release Notes:
Version v0.88.0
Added Features
- Add KEV information to v6 DB #2464 @wagoodman
- Add pretty format option #2406 @tomersein
- Add configuration for maven rate limit functionality #2397 @rawlingsj
- Allow specifying literal CPEs via the CLI #2463 @wagoodman
- Add KEV & EPSS to db search schema #2481 @wagoodman
- Update vulnerability matchers to use v6 DB schema #2132 #2311 @kzantow
- Configure and use new V6 DB distribution URLs #2126 #2439 @kzantow
Bug Fixes
- fix golang 1.24 versions when not semver compliant #2486 @xnox
- error out on maven search rate limiting #2460 @luhring
- CPE search failed when considering target software for unknown package type #2434 #2438 @westonsteimel
- Grype Does Not Clean TMPDIR When Running in a Docker Container #2500
GetMavenPackageByShacan be rate limited by maven central, grype will silently fail which results in inconsistent scan results #2383- Grype exits with error on JSON output with PURL input #2360
- Removal of temporary files not working on Windows #2233 #2439 @kzantow
grype db statusreports “valid” when the DB is missing #2077 #2439 @kzantowgrype db statusdoesn’t always check the db’s checksum and validity #1648 #2439 @kzantow- False positive of CVE-2023-45853 on apt zlib1g/now 1:1.2.13.dfsg-1 package #2412 #2474 @westonsteimel
- GHSA-93ww-43rr-79v3 / CVE-2024-10039 does not get patched version #2408
- “grype config” output swaps comments for search-indexed-archives / search-unindexed-archives #2409 #2414 @spiffcs
Breaking Changes
- Remove DB schema v3 and v4 code #2435 @wagoodman
- Replace
grype db diffwithgrype db search--modified-afterand--published-afterflags #2129 #2439 @kzantow
Additional Changes
- Refactor presenters to use static model over dynamic lookups #2492 @wagoodman
- update syft to 1.20 #2473 @kzantow