Releases: anchore/syft
v1.29.0
v1.28.0
v1.27.1
Bug Fixes
- Allow decoding of enterprise-modified anchorectl json files [#3997 @wagoodman]
- Allow decoding of anchorectl json files [#3973 @wagoodman]
Additional Changes
v1.27.0
Added Features
Bug Fixes
- Remove CPE product candidates for phf, prometheus, hyper and Rust crates [#3967 @jayvdb]
- Remove CPE product candidates for opentelemetry and redis Rust crates [#3962 @jayvdb]
- Harden Container Runtime with Non-Root User [#3941 @MikeTheCyberGuy]
- terraform provider lock entries should not require constraints [#3934 @ghouscht]
- sbom cataloger returning upstream package [#3662 #3981 @kzantow]
- Syft missing md5 sums and list data for dpkg packages under status.d/ [#3912]
- Failure to detect dependency relationships between Python packages [#3958 #3965 @christoph-blessing]
- Heavy memory consumption when directory scanning deb source [#3928 #3953 @kzantow]
- In versions 1.25.0 and later, graalvm-native-image-cataloger adds 3-6 hours to Syft [#3942 #3944 @kzantow]
- Syft incorrectly reports multiple APKs as parents of symlinked files [#3847 #3923 @luhring]
A HUGE thank you to @rezmoss for his help identifying and solving an issue causing excessive time and memory consumption with large numbers of symlinks! ❤️
v1.26.1
v1.26.0
Added Features
- Read version resources from non-.NET DLLs and executables [#3842 #3911 @wagoodman]
Bug Fixes
- pkg.JavaArchive.PomProperties is being populated even though no pom.properties file was present for analysis [#3922 @wagoodman]
- syft 1.24.0 debug container - wget fails TLS [#3891 #3915 @spiffcs]
v1.25.1
v1.25.0
Added Features
- Add PHP interpreter + extensions cataloger [#2585 @LaurentGoderre]
Bug Fixes
- update license content filtering default case to be 'none' for no content [#3903 @spiffcs]
- Distinguish openjdk vs jdk when using file source [#3895 @adammcclenaghan]
- Make it discoverable if Native Image contains no embedded SBOM [#3731 #3805 @sathiya06]
v1.24.0
Added Features
- Add cataloger for Dart pubspec [#3292 @LaurentGoderre]
- Translate Portage license strings to SPDX expressions [#1763 @wagoodman]
- Use package ID from decoded SBOMs when provided [#1872 @jneate]
- Annotate visible/hidden paths when all-layers scope [#3855 @wagoodman]
- Add support for PHP Pear [#2775 @LaurentGoderre]
- Detect whether full license text or a license name has been provided [#3088 #3876 @spiffcs #3450 @spiffcs]
- Add Cataloger for Homebrew on macOS [#3632 #3724 @rezmoss]
- Provide a way to get the LayerID the package was first found in [#435 #3858 @wagoodman #3138 @tomersein]
- Go binaries that currently get (devel) as the version should instead stub UNKNOWN based on the compliance policy [#3324 #3873 @wagoodman]
- Upgrade base Docker image to gcr.io/distroless/static-debian12 [#3840 #3862 @bgoareguer]
- Return full license string instead of SHA256 hash when license string exceeds 64 characters [#3780 #3844 @spiffcs]
- Detect nix dependencies [#3814 #3837 @wagoodman]
Bug Fixes
- update license sort to be stable with contents field [#3860 @spiffcs]
- Improve detection of erlang binary in alpine Linux [#3839 @avodotiiets]
- Do not search for main module versions within binary contents by default [#3874 @wagoodman]
- dpkg license improvement for non SPDX licenses [#3090 #3888 @spiffcs]
- CycloneDX group field not symmetrically handled by encoder/decoders [#2981 #3853 @kzantow]
- Syft crash [signal SIGSEGV: segmentation violation code=0x80 addr=0x0 pc=0x123a0da] [#3872 #3875 @wagoodman]
- Syft 1.23.1 shows version (devel) for grafana 12.0.0 [#3864]
- .NET cataloger does not always pair up PE binaries and deps.json packages, resulting in duplicate packages on some runs [#3866 #3869 @wagoodman]
- Propagate error in FileSourceProvider instead of warn log [#3831 #3845 @Rupikz]
- Update github.com/Masterminds/semver package [#3829 #3836 @popey]
- go-module-file-cataloger fails if symlinks in path [#3614 #3783 @VictorHuu]
- Support fluent-bit some versions of arm/s390x images [#3793 #3817 @VictorHuu]
Additional Changes
v1.23.1
Additional Changes
- Resolve owned file paths when searching for overlaps [#3828 @wagoodman]