Alex Goodman
Once https://github.com/anchore/grype-db/pull/546 lands, I'll cut a release of grype-db, in which case the next DB build will have the additional H & O CPEs.
On the surface this seems like a duplicate of #3213, since this is ultimately about being able to tailor the search context within some larger reference context. However... >...
Tag on from gardening: it would be great to have parity with sbom-action and also respond to grype environment variables
What we're missing is the ability to know when the tags used to represent the version do not follow semver (in this case with a v prefix) so the version...
In the livestream we chatted about trying to orient about this generically around `advisory` where the vendor advisory ID would be used over the canonical vulnerability ID. This brings up...
Here's a sample copyright file in `debian:latest`: /usr/share/doc/debianutils/copyright ``` Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Comment: This is the Debian GNU/Linux package debianutils. It is an original Debian package. Programs in it were maintained...
This is now being handled more correctly with #3768 and #3563: ``` $ syft mcr.microsoft.com/dotnet/aspnet:6.0 -o json | jq '.artifacts[] | select(.type == "dotnet") | {name: .name, version: .version,...
The current plan is once v6 is released we should [repin the DB in the quality gate](https://github.com/anchore/grype/blob/feat/v6/test/quality/.yardstick.yaml#L131-L132) but we shouldn't need a history.json capability implemented to do so. Today yardstick...
We do support OCI dir layouts out of the box too:
```
grype oci-dir:path/to/dir
```
Ideally we should make an update where `grype path/to/dir` will automatically figure if this is...
It was intentional to only validate the DB on download and not on start (for performance reasons) since validating every time could lead to [startup performance issues](https://github.com/anchore/grype/pull/224/commits/45d393804698782ab5d45e22af2782304f90e5b6). That being said,...