Tag: GitHub Advisory Database
-
Anchore: NPM Supply Chain Breach Response for Anchore Enterprise and Grype Users
Source URL: https://anchore.com/blog/npm-supply-chain-breach-response-for-anchore-enterprise-and-grype-users/ Source: Anchore Title: NPM Supply Chain Breach Response for Anchore Enterprise and Grype Users Feedly Summary: On September 8, 2025 Anchore was made aware of an incident involving a number of popular NPM packages to insert malware. The technical details of the attack can be found in the Aikido blog post: npm…
-
Anchore: Time to Take Another Look at Grype: A Year of Major Improvements
Source URL: https://anchore.com/blog/time-to-take-another-look-at-grype-a-year-of-major-improvements/ Source: Anchore Title: Time to Take Another Look at Grype: A Year of Major Improvements Feedly Summary: If you last tried Grype a year ago and haven’t checked back recently, you’re in for some pleasant surprises. The past twelve months have significantly improved the accuracy and performance of our open source vulnerability…
-
Anchore: False Positives and False Negatives in Vulnerability Scanning: Lessons from the Trenches
Source URL: https://anchore.com/blog/false-positives-and-false-negatives-in-vulnerability-scanning/ Source: Anchore Title: False Positives and False Negatives in Vulnerability Scanning: Lessons from the Trenches Feedly Summary: When Good Scanners Flag Bad Results Imagine this: Friday afternoon, your deployment pipeline runs smoothly, tests pass, and you’re ready to push that new release to production. Then suddenly: BEEP BEEP BEEP – your vulnerability…