Releases: quay/claircore
Releases · quay/claircore
Release list
v1.5.53 Release
v1.5.53 - 2026-07-17
-
claircore: support "not affected" vulnerability assertions
Vulnerability reports can now surface explicit "not vulnerable" assertions via PackageNotVulnerable. Matching records with Vulnerability.Invert set are kept out of PackageVulnerabilities. The matcher DB persists this as vuln.not_vulnerable.The Red Hat VEX updater now ingests known_not_affected product status
as inverted vulnerabilities. -
acceptance: add the acceptance testing framework
The acceptance testing framework allows users to hook into claircore's integration testing by calling acceptance.Run() and providing an Auditor. A claircore Auditor is provided and it allows users to test expected claircore results against real results using fixed inputs: VEX data and container images. -
postgres: add existence check to type in all cases
Having both matcher and indexer tables in the same database isn't explicitly allowed or disallowed. This makes it order independent anyway and avoids migration conflict errors.
v1.5.52 Release
v1.5.51 Release
v1.5.51 - 2026-03-24
- indexer: align affectedManifests call with matcher definitions
Make the matching process consistent across both the vulnerability matching and the manifest matching that is performed by the affectedManifests logic. It reduces the number of queries to 1 per matcher per vulnerability.
v1.5.50 Release
v1.5.49 Release
v1.5.49 - 2026-02-05
-
sbom: add SPDX decoding support
Claircore can now make use of SPDX documents it generates. The SPDX support is currently limited to claircore-generated documents. -
logging: claircore now uses
log/slogIf users were integrating with `zlog`, they should now instead configure the `log/slog` package's `Default.`For additional integration, see the
toolkit/logpackage. -
sbom: add purls to SPDX documents
When creating SPDX documents, claircore now generates purls.