
[WIP] feat: print vulns with grype using CVE instead of GHSA#5

Draft
Andreagit97 wants to merge 2 commits into StackVista:main from Andreagit97:andreagit97-grype-output

Conversation

@Andreagit97

docker run --rm \
  -v /var/run/docker.sock:/var/run/docker.sock \
  anchore/grype:v0.112.0  quay.io/stackstate/zookeeper:3.9.5-7c9dc1f5-main-28

Without the --by-cve flag

NAME          INSTALLED           FIXED IN              TYPE          VULNERABILITY        SEVERITY  EPSS           RISK   
jetty-http    9.4.58.v20250814    12.0.12               java-archive  GHSA-qh8g-58pp-2wxh  Medium    1.1% (78th)    0.5    
liblzma5      5.4.1-150600.3.3.1  0:5.4.1-150600.3.6.1  rpm           CVE-2026-34743       High      < 0.1% (18th)  < 0.1  
logback-core  1.3.15              1.3.16                java-archive  GHSA-25qh-j22f-pwp8  Medium    < 0.1% (19th)  < 0.1  
jetty-http    9.4.58.v20250814                          java-archive  GHSA-355h-qmc2-wpwf  High      < 0.1% (7th)   < 0.1  
netty-codec   4.1.130.Final       4.1.133.Final         java-archive  GHSA-mj4r-2hfc-f8p6  High      < 0.1% (4th)   < 0.1  
sed           4.9-150600.1.4      0:4.9-150600.3.3.1    rpm           CVE-2026-5958        Medium    < 0.1% (0th)   < 0.1  
logback-core  1.3.15              1.5.25                java-archive  GHSA-qqpg-mvqg-649v  Low       < 0.1% (2nd)   < 0.1  
jackson-core  2.15.2              2.18.6                java-archive  GHSA-72hv-8253-57qq  Medium    N/A            N/A

With the --by-cve flag

NAME          INSTALLED           FIXED IN              TYPE          VULNERABILITY        SEVERITY  EPSS           RISK   
jetty-http    9.4.58.v20250814    12.0.12               java-archive  CVE-2024-6763        Medium    1.1% (78th)    0.5    
liblzma5      5.4.1-150600.3.3.1  0:5.4.1-150600.3.6.1  rpm           CVE-2026-34743       High      < 0.1% (18th)  < 0.1  
logback-core  1.3.15              1.3.16                java-archive  CVE-2025-11226       Medium    < 0.1% (19th)  < 0.1  
jetty-http    9.4.58.v20250814                          java-archive  CVE-2026-2332        High      < 0.1% (7th)   < 0.1  
netty-codec   4.1.130.Final       4.1.133.Final         java-archive  CVE-2026-42583       High      < 0.1% (4th)   < 0.1  
sed           4.9-150600.1.4      0:4.9-150600.3.3.1    rpm           CVE-2026-5958        Medium    < 0.1% (0th)   < 0.1  
logback-core  1.3.15              1.5.25                java-archive  CVE-2026-1225        Low       < 0.1% (2nd)   < 0.1  
jackson-core  2.15.2              2.18.6                java-archive  GHSA-72hv-8253-57qq  Medium    N/A            N/A

Signed-off-by: Andrea Terzolo <andrea.terzolo@suse.com>
@Andreagit97 Andreagit97 requested a review from a team as a code owner May 28, 2026 13:49
@Andreagit97

Unfortunately, I see the dedup is still broken.

  - CVE-2026-2332 [HIGH] jetty-http [grype]
  - CVE-2026-2332 [HIGH] org.eclipse.jetty:jetty-http [trivy]
  - CVE-2026-34743 [HIGH] liblzma5 [grype]
  - CVE-2026-42583 [HIGH] io.netty:netty-codec [trivy]
  - CVE-2026-42583 [HIGH] netty-codec [grype]

Signed-off-by: Andrea Terzolo <andrea.terzolo@suse.com>
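The list above shows why the dedup misses: grype and trivy agree on the CVE id once --by-cve is used, but they name the same Java package differently (grype gives the bare artifactId, trivy the Maven groupId:artifactId). The following is an added example, not code from this repository, of a merge step that keys on (vulnerability id, normalized package name) so the two scanners' reports for one CVE collapse into a single entry. It assumes findings arrive as text lines in the exact shape quoted in the comment; the five quoted lines are reused as sample input, and the two jackson-core lines (where grype keeps the GHSA id because no CVE is mapped) are constructed, with the trivy line being hypothetical.

```python
"""Merge grype and trivy findings into one deduplicated list.

Added example, not the project's own code. Assumed input shape per line:
    - <VULN-ID> [<SEVERITY>] <package> [<scanner>]
"""
import re
from dataclasses import dataclass, field

FINDING_RE = re.compile(
    r"^\s*-\s+(?P<vuln_id>\S+)\s+\[(?P<severity>[A-Za-z]+)\]\s+"
    r"(?P<package>\S+)\s+\[(?P<scanner>[A-Za-z0-9_-]+)\]\s*$"
)

# Constructed sample input: the five lines quoted in the comment, plus two
# constructed lines for the jackson-core finding that keeps its GHSA id
# because grype has no CVE for it (the trivy line is hypothetical).
SAMPLE_FINDINGS = """\
  - CVE-2026-2332 [HIGH] jetty-http [grype]
  - CVE-2026-2332 [HIGH] org.eclipse.jetty:jetty-http [trivy]
  - CVE-2026-34743 [HIGH] liblzma5 [grype]
  - CVE-2026-42583 [HIGH] io.netty:netty-codec [trivy]
  - CVE-2026-42583 [HIGH] netty-codec [grype]
  - GHSA-72hv-8253-57qq [MEDIUM] com.fasterxml.jackson.core:jackson-core [trivy]
  - GHSA-72hv-8253-57qq [MEDIUM] jackson-core [grype]
"""


@dataclass
class Finding:
    vuln_id: str
    severity: str
    packages: set = field(default_factory=set)   # every spelling seen
    scanners: set = field(default_factory=set)   # which tools reported it


def normalize_package(name: str) -> str:
    """Reduce scanner-specific package names to a comparable key.

    trivy reports Java packages as Maven coordinates (groupId:artifactId),
    grype reports the bare artifactId; keep only the artifactId. Assumption:
    within one image the artifactId is unique enough for dedup purposes.
    """
    return name.rsplit(":", 1)[-1].lower()


def parse_findings(text: str) -> list:
    """Parse finding lines; reject anything that does not match the shape."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = FINDING_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised finding line: {line!r}")
        rows.append(m.groupdict())
    return rows


def dedup_findings(text: str) -> list:
    """Collapse findings sharing (vuln id, normalized package) into one.

    The severity of the first scanner seen is kept; the ids themselves are
    assumed to already be comparable (grype run with --by-cve, so both
    tools emit the CVE, or both fall back to the same GHSA).
    """
    merged = {}
    for row in parse_findings(text):
        key = (row["vuln_id"], normalize_package(row["package"]))
        f = merged.setdefault(key, Finding(row["vuln_id"], row["severity"].upper()))
        f.packages.add(row["package"])
        f.scanners.add(row["scanner"])
    return [merged[k] for k in sorted(merged)]


def format_findings(findings) -> str:
    """Render merged findings back into the list shape, one line per entry."""
    lines = []
    for f in findings:
        pkgs = "/".join(sorted(f.packages))
        scanners = ",".join(sorted(f.scanners))
        lines.append(f"  - {f.vuln_id} [{f.severity}] {pkgs} [{scanners}]")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_findings(dedup_findings(SAMPLE_FINDINGS)))
```

Keying on the normalized name turns the seven input lines into four entries, with the jetty-http, netty-codec and jackson-core findings each attributed to both scanners. If the two tools ever disagree on severity for the same id, the first one parsed wins here; a real merge would want to take the higher of the two.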
@Andreagit97 Andreagit97 force-pushed the andreagit97-grype-output branch from 43a541e to 1c44d9d May 28, 2026 15:26
@Andreagit97 Andreagit97 marked this pull request as draft May 28, 2026 15:27