ChristianCiach

That's strange. I am the guy who originally implemented recursive scanning of POMs in https://github.com/jaredsburrows/gradle-license-plugin/pull/27 and I've never seen this behavior. Well, we haven't updated the plugin in a while,...

This was driving me nuts. But it turns out that this is actually the "fault" of `less`, because it works properly with any other pager. The issue is that `less`...

After some investigation yesterday, I think this issue is even more important than I thought. Just a few months ago @otms61 created a PR for Trivy so that Trivy now...

@lcarva First of all, thank you! > @ChristianCiach, is using `.predicate` instead of `.predicate.Data` a problem for your use case? It is my understanding that `.predicate` is now correct in...

It just occurred to me that my proposed solution (`--decode` to decode the payload and concat the resulting documents) may be a bit too naive. I am not an expert...

That would be perfectly fine for me, since I am only interested in cyclonedx-json predicates. That being said, I don't feel it is particularly smart to specialise in specific predicate...

It looks like I've underestimated the complexity of this feature request. I am perfectly comfortable with continuing to work out the details before we implement some solution that turns out...

Thanks for your insight. Maybe it's wise to just do nothing for now. When cosign releases its next version and users are facing the deprecation warnings for the `sbom` attachments,...

I just noticed this. We were using an old (buggy) version of K9s by accident because we pull the most recent version `from quay.io/derailed/k9s`. @derailed Maybe it would better to...

I second the idea of @hakonph . If Spring-Boot ever releases a version catalog, all dependencies should be defined without their versions, **except** the entries for the `spring-boot-dependencies`-BOM and the...