Grype – Experimental News Clipping Site

Anchore: NPM Supply Chain Breach Response for Anchore Enterprise and Grype Users

Sep 11, 2025

—

by

Source URL: https://anchore.com/blog/npm-supply-chain-breach-response-for-anchore-enterprise-and-grype-users/ Source: Anchore Title: NPM Supply Chain Breach Response for Anchore Enterprise and Grype Users Feedly Summary: On September 8, 2025 Anchore was made aware of an incident involving a number of popular NPM packages to insert malware. The technical details of the attack can be found in the Aikido blog post: npm…

Docker: Secure by Design: A Shift-Left Approach with Testcontainers, Docker Scout, and Hardened Images

Aug 28, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.docker.com/blog/a-shift-left-approach-with-docker/ Source: Docker Title: Secure by Design: A Shift-Left Approach with Testcontainers, Docker Scout, and Hardened Images Feedly Summary: In today’s fast-paced world of software development, product teams are expected to move quickly: building features, shipping updates, and reacting to user needs in real-time. But moving fast should never mean compromising on quality…

Anchore: Anchore is Excited to Announce it’s Inclusion in the IBM PDE Factory: An Open Source-Powered Secure Software Development Platform

Jul 29, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://anchore.com/blog/anchore-is-excited-to-announce-its-inclusion-in-the-ibm-pde-factory-an-open-source-powered-secure-software-development-platform/ Source: Anchore Title: Anchore is Excited to Announce it’s Inclusion in the IBM PDE Factory: An Open Source-Powered Secure Software Development Platform Feedly Summary: Powered by Anchore’s Syft & Grype, IBM’s Platform Development Environment Factory delivers DevSecOps-as-a-Service for federal agencies seeking operational readiness without the integration nightmare. Federal agencies are navigating a…

Anchore: Time to Take Another Look at Grype: A Year of Major Improvements

Jun 26, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://anchore.com/blog/time-to-take-another-look-at-grype-a-year-of-major-improvements/ Source: Anchore Title: Time to Take Another Look at Grype: A Year of Major Improvements Feedly Summary: If you last tried Grype a year ago and haven’t checked back recently, you’re in for some pleasant surprises. The past twelve months have significantly improved the accuracy and performance of our open source vulnerability…

Anchore: False Positives and False Negatives in Vulnerability Scanning: Lessons from the Trenches

May 29, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://anchore.com/blog/false-positives-and-false-negatives-in-vulnerability-scanning/ Source: Anchore Title: False Positives and False Negatives in Vulnerability Scanning: Lessons from the Trenches Feedly Summary: When Good Scanners Flag Bad Results Imagine this: Friday afternoon, your deployment pipeline runs smoothly, tests pass, and you’re ready to push that new release to production. Then suddenly: BEEP BEEP BEEP – your vulnerability…

Anchore: Generating SBOMs for JavaScript Projects: A Developer’s Guide

Mar 28, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://anchore.com/blog/javascript-sbom-generation/ Source: Anchore Title: Generating SBOMs for JavaScript Projects: A Developer’s Guide Feedly Summary: Let’s be honest: modern JavaScript projects can feel like a tangled web of packages. Knowing exactly what’s in your final build is crucial, especially with rising security concerns. That’s where a Software Bill of Materials (SBOM) comes in handy…

Anchore: Contributing to Vulnerability Data: Making Security Better for Everyone

Mar 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://anchore.com/blog/contributing-to-vulnerability-data-making-security-better-for-everyone/ Source: Anchore Title: Contributing to Vulnerability Data: Making Security Better for Everyone Feedly Summary: Software security depends on accurate vulnerability data. While organizations like NIST maintain the National Vulnerability Database (NVD), the sheer volume of vulnerabilities discovered daily means that sometimes data needs improvement. At Anchore, we’re working to enhance this ecosystem…

Anchore: Grype DB Schema Evolution: From v5 to v6 – Smaller, Faster, Better

Mar 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://anchore.com/blog/grype-db-schema-evolution-from-v5-to-v6-smaller-faster-better/ Source: Anchore Title: Grype DB Schema Evolution: From v5 to v6 – Smaller, Faster, Better Feedly Summary: In our latest Grype release, we’ve updated the DB schema to v6. This update isn’t just a cosmetic change; it’s a thoughtful redesign that optimizes data storage and matching performance. For you, this means faster…

Anchore: How Syft Scans Software to Generate SBOMs

Feb 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://anchore.com/blog/how-syft-scans-software-to-generate-sboms/ Source: Anchore Title: How Syft Scans Software to Generate SBOMs Feedly Summary: Syft is an open source CLI tool and Go library that generates a Software Bill of Materials (SBOM) from source code, container images and packaged binaries. It is a foundational building block for various use-cases: from vulnerability scanning with tools…

Anchore: Grype Support for Azure Linux 3 released

Nov 4, 2024

—

by

system automation

in Uncategorized

Source URL: https://anchore.com/blog/grype-support-for-azure-linux-3-released/ Source: Anchore Title: Grype Support for Azure Linux 3 released Feedly Summary: On September 26, 2024 the OSS team at Anchore released general support for Azure Linux 3, Microsoft’s new cloud-focused Linux distribution. This blog post will share some of the technical details of what goes into supporting a new Linux distribution…

Tag: Grype