Lightnews — Scholar-powered news

Grype @grypeproject.bsky.social · 5m

Hey, did you know grype has an "explain" option, that... "explains" vulnerabilities.
There's even a blog about it: https://anchore.com/blog/introducing-grype-explain/
#security #vulnerability

Grype @grypeproject.bsky.social · 20h

Missed the Syft/Grype insights? No worries! Catch the recording of our latest Open Source stream here: #SoftwareSupplyChain

Live SBOM & Security Fixes: Anchore Devs Improve Syft & Grype (September 11th)

Join our weekly *Open Source Security* live stream! Watch Anchore's Developer Relations and Engineering teams collaborate in real-time on crucial *Software Supply Chain Security* tools. This session focuses on improving *Syft* (for *SBOM* generation) and *Grype* (for *vulnerability scanning*), addressing community-raised issues and pull requests. Every Thursday, "Open Source Gardening" offers a transparent look into maintaining popular *open source security* projects. We'll dive into items marked 'needs discussion' and, time permitting, tackle other interesting contributions. Learn development best practices, understand the challenges of *SBOM* accuracy, and see how *vulnerability scanning* tools evolve. Whether you're a contributor, user, or just curious about *open source security*, tune in to learn and engage with the minds behind Anchore's OSS tools. *Agenda:* - Discuss and resolve issues/PRs tagged 'needs discussion'. - Tackle other high-priority or interesting community contributions for Syft, Grype, and related projects. *Resources & Learn More:* - Learn about SBOMs: [Link to Anchore's SBOM pillar page/guide if available] - Dive into Software Supply Chain Security: [Link to relevant Anchore pillar page/blog if available] - Syft on GitHub: https://github.com/anchore/syft - Grype on GitHub: https://github.com/anchore/grype - Join the Community Discussion: https://anchore.com/discourse - All Anchore Open Source Projects: https://github.com/anchore - Sign-up for the OSS Newsletter: https://get.anchore.com/anchore-community/ #OpenSourceSecurity #SBOM #SoftwareSupplyChainSecurity

www.youtube.com

Grype @grypeproject.bsky.social · 1d

We're LIVE! The Anchore Open Source team is here to chat Syft, Grype, and all things #OpenSource. Jump in and say hi!

Live SBOM & Security Fixes: Anchore Devs Improve Syft & Grype (September 11th)

Join our weekly *Open Source Security* live stream! Watch Anchore's Developer Relations and Engineering teams collaborate in real-time on crucial *Software Supply Chain Security* tools. This session focuses on improving *Syft* (for *SBOM* generation) and *Grype* (for *vulnerability scanning*), addressing community-raised issues and pull requests. Every Thursday, "Open Source Gardening" offers a transparent look into maintaining popular *open source security* projects. We'll dive into items marked 'needs discussion' and, time permitting, tackle other interesting contributions. Learn development best practices, understand the challenges of *SBOM* accuracy, and see how *vulnerability scanning* tools evolve. Whether you're a contributor, user, or just curious about *open source security*, tune in to learn and engage with the minds behind Anchore's OSS tools. *Agenda:* - Discuss and resolve issues/PRs tagged 'needs discussion'. - Tackle other high-priority or interesting community contributions for Syft, Grype, and related projects. *Resources & Learn More:* - Learn about SBOMs: [Link to Anchore's SBOM pillar page/guide if available] - Dive into Software Supply Chain Security: [Link to relevant Anchore pillar page/blog if available] - Syft on GitHub: https://github.com/anchore/syft - Grype on GitHub: https://github.com/anchore/grype - Join the Community Discussion: https://anchore.com/discourse - All Anchore Open Source Projects: https://github.com/anchore - Sign-up for the OSS Newsletter: https://get.anchore.com/anchore-community/ #OpenSourceSecurity #SBOM #SoftwareSupplyChainSecurity

www.youtube.com

1

Grype @grypeproject.bsky.social · 1d

Live in 5 minutes! Join the Anchore Open Source stream NOW for all the Syft & Grype goodness. Your questions, our answers!

Live SBOM & Security Fixes: Anchore Devs Improve Syft & Grype (September 11th)

Join our weekly *Open Source Security* live stream! Watch Anchore's Developer Relations and Engineering teams collaborate in real-time on crucial *Software Supply Chain Security* tools. This session focuses on improving *Syft* (for *SBOM* generation) and *Grype* (for *vulnerability scanning*), addressing community-raised issues and pull requests. Every Thursday, "Open Source Gardening" offers a transparent look into maintaining popular *open source security* projects. We'll dive into items marked 'needs discussion' and, time permitting, tackle other interesting contributions. Learn development best practices, understand the challenges of *SBOM* accuracy, and see how *vulnerability scanning* tools evolve. Whether you're a contributor, user, or just curious about *open source security*, tune in to learn and engage with the minds behind Anchore's OSS tools. *Agenda:* - Discuss and resolve issues/PRs tagged 'needs discussion'. - Tackle other high-priority or interesting community contributions for Syft, Grype, and related projects. *Resources & Learn More:* - Learn about SBOMs: [Link to Anchore's SBOM pillar page/guide if available] - Dive into Software Supply Chain Security: [Link to relevant Anchore pillar page/blog if available] - Syft on GitHub: https://github.com/anchore/syft - Grype on GitHub: https://github.com/anchore/grype - Join the Community Discussion: https://anchore.com/discourse - All Anchore Open Source Projects: https://github.com/anchore - Sign-up for the OSS Newsletter: https://get.anchore.com/anchore-community/ #OpenSourceSecurity #SBOM #SoftwareSupplyChainSecurity

www.youtube.com

Grype @grypeproject.bsky.social · 1d

One hour until we go LIVE! Get your questions ready for the Anchore Open Source team – we're talking Syft, Grype & more! #DevTalk

Live SBOM & Security Fixes: Anchore Devs Improve Syft & Grype (September 11th)

Join our weekly *Open Source Security* live stream! Watch Anchore's Developer Relations and Engineering teams collaborate in real-time on crucial *Software Supply Chain Security* tools. This session focuses on improving *Syft* (for *SBOM* generation) and *Grype* (for *vulnerability scanning*), addressing community-raised issues and pull requests. Every Thursday, "Open Source Gardening" offers a transparent look into maintaining popular *open source security* projects. We'll dive into items marked 'needs discussion' and, time permitting, tackle other interesting contributions. Learn development best practices, understand the challenges of *SBOM* accuracy, and see how *vulnerability scanning* tools evolve. Whether you're a contributor, user, or just curious about *open source security*, tune in to learn and engage with the minds behind Anchore's OSS tools. *Agenda:* - Discuss and resolve issues/PRs tagged 'needs discussion'. - Tackle other high-priority or interesting community contributions for Syft, Grype, and related projects. *Resources & Learn More:* - Learn about SBOMs: [Link to Anchore's SBOM pillar page/guide if available] - Dive into Software Supply Chain Security: [Link to relevant Anchore pillar page/blog if available] - Syft on GitHub: https://github.com/anchore/syft - Grype on GitHub: https://github.com/anchore/grype - Join the Community Discussion: https://anchore.com/discourse - All Anchore Open Source Projects: https://github.com/anchore - Sign-up for the OSS Newsletter: https://get.anchore.com/anchore-community/ #OpenSourceSecurity #SBOM #SoftwareSupplyChainSecurity

www.youtube.com

Grype @grypeproject.bsky.social · 2d

Psst... tomorrow at 12 PM PT, the Anchore OS crew hits the airwaves! Get your Syft & Grype insights straight from the source. #Grype #Syft

Live SBOM & Security Fixes: Anchore Devs Improve Syft & Grype (September 11th)

Join our weekly *Open Source Security* live stream! Watch Anchore's Developer Relations and Engineering teams collaborate in real-time on crucial *Software Supply Chain Security* tools. This session focuses on improving *Syft* (for *SBOM* generation) and *Grype* (for *vulnerability scanning*), addressing community-raised issues and pull requests. Every Thursday, "Open Source Gardening" offers a transparent look into maintaining popular *open source security* projects. We'll dive into items marked 'needs discussion' and, time permitting, tackle other interesting contributions. Learn development best practices, understand the challenges of *SBOM* accuracy, and see how *vulnerability scanning* tools evolve. Whether you're a contributor, user, or just curious about *open source security*, tune in to learn and engage with the minds behind Anchore's OSS tools. *Agenda:* - Discuss and resolve issues/PRs tagged 'needs discussion'. - Tackle other high-priority or interesting community contributions for Syft, Grype, and related projects. *Resources & Learn More:* - Learn about SBOMs: [Link to Anchore's SBOM pillar page/guide if available] - Dive into Software Supply Chain Security: [Link to relevant Anchore pillar page/blog if available] - Syft on GitHub: https://github.com/anchore/syft - Grype on GitHub: https://github.com/anchore/grype - Join the Community Discussion: https://anchore.com/discourse - All Anchore Open Source Projects: https://github.com/anchore - Sign-up for the OSS Newsletter: https://get.anchore.com/anchore-community/ #OpenSourceSecurity #SBOM #SoftwareSupplyChainSecurity

www.youtube.com

Grype @grypeproject.bsky.social · 3d

Got Syft/Grype questions? Our Open Source team is live Thursday at 12 PM PT to tackle bugs, PRs, & future plans. Don't be a stranger! #SBOM

Live SBOM & Security Fixes: Anchore Devs Improve Syft & Grype (September 11th)

Join our weekly *Open Source Security* live stream! Watch Anchore's Developer Relations and Engineering teams collaborate in real-time on crucial *Software Supply Chain Security* tools. This session focuses on improving *Syft* (for *SBOM* generation) and *Grype* (for *vulnerability scanning*), addressing community-raised issues and pull requests. Every Thursday, "Open Source Gardening" offers a transparent look into maintaining popular *open source security* projects. We'll dive into items marked 'needs discussion' and, time permitting, tackle other interesting contributions. Learn development best practices, understand the challenges of *SBOM* accuracy, and see how *vulnerability scanning* tools evolve. Whether you're a contributor, user, or just curious about *open source security*, tune in to learn and engage with the minds behind Anchore's OSS tools. *Agenda:* - Discuss and resolve issues/PRs tagged 'needs discussion'. - Tackle other high-priority or interesting community contributions for Syft, Grype, and related projects. *Resources & Learn More:* - Learn about SBOMs: [Link to Anchore's SBOM pillar page/guide if available] - Dive into Software Supply Chain Security: [Link to relevant Anchore pillar page/blog if available] - Syft on GitHub: https://github.com/anchore/syft - Grype on GitHub: https://github.com/anchore/grype - Join the Community Discussion: https://anchore.com/discourse - All Anchore Open Source Projects: https://github.com/anchore - Sign-up for the OSS Newsletter: https://get.anchore.com/anchore-community/ #OpenSourceSecurity #SBOM #SoftwareSupplyChainSecurity

www.youtube.com

Grype @grypeproject.bsky.social · 7d

Want to influence the direction of Grype? 🚀 Tell us how you use it and what improvements you'd like to see! Your feedback matters! Survey here: https://forms.gle/hvgpNeZadLfFhCf69
#Grype #Security #OpenSource

1

Grype @grypeproject.bsky.social · 10d

Well, this is awkward...
https://www.reddit.com/r/devops/comments/1mbowvo/do_oss_compliance_tools_have_to_be_this_heavy/

A question posed in r/devops - "Do OSS compliance tools have to be this heavy? Would you use one if it was just a CLI?"...

Grype @grypeproject.bsky.social · 20d

Hey, did you know grype has an "explain" option, that... "explains" vulnerabilities.
There's even a blog about it: https://anchore.com/blog/introducing-grype-explain/
#security #vulnerability

1

Grype @grypeproject.bsky.social · 21d

Want to influence the direction of Grype? 🚀 Tell us how you use it and what improvements you'd like to see! Your feedback matters! Survey here: https://forms.gle/hvgpNeZadLfFhCf69
#Grype #Security #OpenSource

1

Grype @grypeproject.bsky.social · 21d

Think of your SBOM as an everything-bagel. 🥯 We find the moldy bits (vulns). Our friend Grant finds the cilantro (unwanted licenses 🌿). One #SBOM, no nasty surprises! See how it works:
https://www.youtube.com/watch?v=RVyryb8f5GQ

Grype @grypeproject.bsky.social · 22d

We're LIVE! The Anchore Open Source team is here to chat Syft, Grype, and all things #OpenSource. Jump in and say hi!

Live SBOM & Security Fixes: Anchore Devs Improve Syft & Grype (September 18th)

Join our weekly *Open Source Security* live stream! Watch Anchore's Developer Relations and Engineering teams collaborate in real-time on crucial *Software Supply Chain Security* tools. This session focuses on improving *Syft* (for *SBOM* generation) and *Grype* (for *vulnerability scanning*), addressing community-raised issues and pull requests. Every Thursday, "Open Source Gardening" offers a transparent look into maintaining popular *open source security* projects. We'll dive into items marked 'needs discussion' and, time permitting, tackle other interesting contributions. Learn development best practices, understand the challenges of *SBOM* accuracy, and see how *vulnerability scanning* tools evolve. Whether you're a contributor, user, or just curious about *open source security*, tune in to learn and engage with the minds behind Anchore's OSS tools. *Agenda:* - Discuss and resolve issues/PRs tagged 'needs discussion'. - Tackle other high-priority or interesting community contributions for Syft, Grype, and related projects. *Resources & Learn More:* - Learn about SBOMs: [Link to Anchore's SBOM pillar page/guide if available] - Dive into Software Supply Chain Security: [Link to relevant Anchore pillar page/blog if available] - Syft on GitHub: https://github.com/anchore/syft - Grype on GitHub: https://github.com/anchore/grype - Join the Community Discussion: https://anchore.com/discourse - All Anchore Open Source Projects: https://github.com/anchore - Sign-up for the OSS Newsletter: https://get.anchore.com/anchore-community/ #OpenSourceSecurity #SBOM #SoftwareSupplyChainSecurity

www.youtube.com

1

Grype @grypeproject.bsky.social · 22d

Live in 5 minutes! Join the Anchore Open Source stream NOW for all the Syft & Grype goodness. Your questions, our answers!

Live SBOM & Security Fixes: Anchore Devs Improve Syft & Grype (September 18th)

Join our weekly *Open Source Security* live stream! Watch Anchore's Developer Relations and Engineering teams collaborate in real-time on crucial *Software Supply Chain Security* tools. This session focuses on improving *Syft* (for *SBOM* generation) and *Grype* (for *vulnerability scanning*), addressing community-raised issues and pull requests. Every Thursday, "Open Source Gardening" offers a transparent look into maintaining popular *open source security* projects. We'll dive into items marked 'needs discussion' and, time permitting, tackle other interesting contributions. Learn development best practices, understand the challenges of *SBOM* accuracy, and see how *vulnerability scanning* tools evolve. Whether you're a contributor, user, or just curious about *open source security*, tune in to learn and engage with the minds behind Anchore's OSS tools. *Agenda:* - Discuss and resolve issues/PRs tagged 'needs discussion'. - Tackle other high-priority or interesting community contributions for Syft, Grype, and related projects. *Resources & Learn More:* - Learn about SBOMs: [Link to Anchore's SBOM pillar page/guide if available] - Dive into Software Supply Chain Security: [Link to relevant Anchore pillar page/blog if available] - Syft on GitHub: https://github.com/anchore/syft - Grype on GitHub: https://github.com/anchore/grype - Join the Community Discussion: https://anchore.com/discourse - All Anchore Open Source Projects: https://github.com/anchore - Sign-up for the OSS Newsletter: https://get.anchore.com/anchore-community/ #OpenSourceSecurity #SBOM #SoftwareSupplyChainSecurity

www.youtube.com

Grype @grypeproject.bsky.social · 22d

One hour until we go LIVE! Get your questions ready for the Anchore Open Source team – we're talking Syft, Grype & more! #DevTalk

Live SBOM & Security Fixes: Anchore Devs Improve Syft & Grype (September 18th)

Join our weekly *Open Source Security* live stream! Watch Anchore's Developer Relations and Engineering teams collaborate in real-time on crucial *Software Supply Chain Security* tools. This session focuses on improving *Syft* (for *SBOM* generation) and *Grype* (for *vulnerability scanning*), addressing community-raised issues and pull requests. Every Thursday, "Open Source Gardening" offers a transparent look into maintaining popular *open source security* projects. We'll dive into items marked 'needs discussion' and, time permitting, tackle other interesting contributions. Learn development best practices, understand the challenges of *SBOM* accuracy, and see how *vulnerability scanning* tools evolve. Whether you're a contributor, user, or just curious about *open source security*, tune in to learn and engage with the minds behind Anchore's OSS tools. *Agenda:* - Discuss and resolve issues/PRs tagged 'needs discussion'. - Tackle other high-priority or interesting community contributions for Syft, Grype, and related projects. *Resources & Learn More:* - Learn about SBOMs: [Link to Anchore's SBOM pillar page/guide if available] - Dive into Software Supply Chain Security: [Link to relevant Anchore pillar page/blog if available] - Syft on GitHub: https://github.com/anchore/syft - Grype on GitHub: https://github.com/anchore/grype - Join the Community Discussion: https://anchore.com/discourse - All Anchore Open Source Projects: https://github.com/anchore - Sign-up for the OSS Newsletter: https://get.anchore.com/anchore-community/ #OpenSourceSecurity #SBOM #SoftwareSupplyChainSecurity

www.youtube.com

Grype @grypeproject.bsky.social · 23d

With Grant 0.3.2 just out the door, we've got a perfectly timed technical webinar just for you!
Learn all about Grant, what's new, and the future, direct from the lead developer!
Sign up now ⤵️
https://go.anchore.com/whats-new-in-grant.html

Grype @grypeproject.bsky.social · 23d

Grant v0.3.2 released 🎉
https://github.com/anchore/grant/releases/tag/v0.3.2
#opensource #sbom #license

Release v0.3.2 · anchore/grant

Bug Fixes update grant so it can consume it's own json as source && stdin [#271 @spiffcs] add coloring to risk output [#272 @spiffcs] add OSI warning text [#273 @spiffcs] globs were not being pars...

github.com

1

Grype @grypeproject.bsky.social · 23d

TOMORROW 🚨 Join our live demo of Grant 0.3.0, the #opensource license scanner. We will be talking: Deeper GoLang Module Analysis, advanced license rules & enforcements and performance tune ups. Register now
https://go.anchore.com/whats-new-in-grant.html

Packages, Policies, and Performance: What’s New in Grant

Introducing the latest release of Grant, the open-source license scanner and reporting tool for container images, SBOM documents and filesystems.

go.anchore.com

1

Grype @grypeproject.bsky.social · 24d

Psst... tomorrow at 12 PM PT, the Anchore OS crew hits the airwaves! Get your Syft & Grype insights straight from the source. #Grype #Syft

Live SBOM & Security Fixes: Anchore Devs Improve Syft & Grype (September 18th)

Join our weekly *Open Source Security* live stream! Watch Anchore's Developer Relations and Engineering teams collaborate in real-time on crucial *Software Supply Chain Security* tools. This session focuses on improving *Syft* (for *SBOM* generation) and *Grype* (for *vulnerability scanning*), addressing community-raised issues and pull requests. Every Thursday, "Open Source Gardening" offers a transparent look into maintaining popular *open source security* projects. We'll dive into items marked 'needs discussion' and, time permitting, tackle other interesting contributions. Learn development best practices, understand the challenges of *SBOM* accuracy, and see how *vulnerability scanning* tools evolve. Whether you're a contributor, user, or just curious about *open source security*, tune in to learn and engage with the minds behind Anchore's OSS tools. *Agenda:* - Discuss and resolve issues/PRs tagged 'needs discussion'. - Tackle other high-priority or interesting community contributions for Syft, Grype, and related projects. *Resources & Learn More:* - Learn about SBOMs: [Link to Anchore's SBOM pillar page/guide if available] - Dive into Software Supply Chain Security: [Link to relevant Anchore pillar page/blog if available] - Syft on GitHub: https://github.com/anchore/syft - Grype on GitHub: https://github.com/anchore/grype - Join the Community Discussion: https://anchore.com/discourse - All Anchore Open Source Projects: https://github.com/anchore - Sign-up for the OSS Newsletter: https://get.anchore.com/anchore-community/ #OpenSourceSecurity #SBOM #SoftwareSupplyChainSecurity

www.youtube.com

1

Grype @grypeproject.bsky.social · 24d

🧭 Policies, packages, and performance. We're tackling all three this week in our Grant 0.3.0 release webinar, the #opensource license scanner. Join us and learn about the new features designed to provide you with more precise control and visibility ... https://go.anchore.com/whats-new-in-grant.html

Packages, Policies, and Performance: What’s New in Grant

Introducing the latest release of Grant, the open-source license scanner and reporting tool for container images, SBOM documents and filesystems.

go.anchore.com