jaskaransinghdr6j
+1, we face the same issue and currently have to flatten our application/service hierarchy for this and use Custom Fields and tags to point them to actual repositories. If implemented,...
Any update on this? This is blocking a lot of downstream automation.
Is there any update on this? This is still being flagged widely by grype.
How can we disable CPE matching right now?
Thanks, this works! Worried if this will result in False negatives though.
Is there any update on this? It's affecting our CI pipeline. Any workaround which does not involve modifying the Dockerfile itself?
Is there any progress on slotting osv.dev integration? I find many Golang false negatives that could have been caught by an osv data feed.
Hey guys, any update on SARIF support?
+1 SARIF should ideally represent each "finding" as its own line item. Being an interchange format, it would be right to use it as a 1 CVE per item template.
This is great! However, I feel as many findings aggregators will be using these findings to autofill fields like "Finding Title", the joined ruleId might be a bit too onerous....