Skip to content

Commit

Permalink
mitigate CVE-2023-48795 for grype
Browse files Browse the repository at this point in the history 
Signed-off-by: cpanato <[email protected]>
  • Loading branch information
@cpanato
cpanato committed Dec 20, 2023
1 parent d6cc8f2 commit 26fed7a
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion grype.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
package:
name: grype
version: 0.73.4
epoch: 1
epoch: 2
description: Vulnerability scanner for container images, filesystems, and SBOMs
copyright:
- license: Apache-2.0
Expand All @@ -19,6 +19,10 @@ pipeline:
uri: https://github.com/anchore/grype/archive/v${{package.version}}/grype-${{package.version}}.tar.gz
expected-sha512: 4365c9833aa70c2b5b8ba3e1f6386e36b114c621d1bc21dbec5778c031bad324f36b189975518c9dd4b72f1343f82444785cc569e7338c80a89320e7baa7e4eb

- uses: go/bump
with:
deps: golang.org/x/[email protected]

- runs: |
CGO_ENABLED=0 go build \
-ldflags "-w -X github.com/anchore/grype/internal/version.version=${{package.version}}" \
Expand Down

0 comments on commit 26fed7a

Please sign in to comment.