
Syft generates too loose of CPEs for python redis

Open cpendery opened this issue 3 years ago • 0 comments

What happened: Syft generates CPEs for python redis that shadow the real redis CPEs

What you expected to happen: This shouldn't happen as that leads to false flagging

How to reproduce it (as minimally and precisely as possible): See linked issue below for replication

Anything else we need to know?: Related to https://github.com/anchore/grype/issues/800

Environment:

  • Output of syft version: 38.1 (from Grype 40.0)
  • OS (e.g: cat /etc/os-release or similar):
System Version: macOS 11.6 (20G165)
Kernel Version: Darwin 20.6.0
Model Name: MacBook Pro
Model Identifier: MacBookPro16,1
Processor Name: 6-Core Intel Core i7

cpendery Jun 25 '22 13:06
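To make the shadowing described in the issue concrete, the following added example (not syft or grype code, and not part of the original issue) flags candidate CPEs for a language package whose vendor and product name a standalone product while `target_sw` is left unset. The CPE strings, the version `4.3.4`, the `python-redis` vendor and the `STANDALONE` set are constructed assumptions, not syft output.

```python
import re

# CPE 2.3 formatted-string attributes, in order (NISTIR 7695).
ATTRS = ("part", "vendor", "product", "version", "update", "edition",
         "language", "sw_edition", "target_sw", "target_hw", "other")


def parse_cpe(cpe: str) -> dict:
    """Split a CPE 2.3 formatted string into its 11 named attributes."""
    fields = re.split(r"(?<!\\):", cpe)  # do not split on escaped colons
    if fields[:2] != ["cpe", "2.3"] or len(fields) != 13:
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    return dict(zip(ATTRS, fields[2:]))


def shadowing_candidates(candidates, standalone_products):
    """Return candidates that would be read as a standalone product.

    A candidate shadows when its (vendor, product) pair names a standalone
    product and target_sw is left as ANY ("*") or NA ("-"), so nothing in the
    CPE says the package is a language library.
    """
    flagged = []
    for cpe in candidates:
        attrs = parse_cpe(cpe)
        pair = (attrs["vendor"], attrs["product"])
        if pair in standalone_products and attrs["target_sw"] in ("*", "-"):
            flagged.append(cpe)
    return flagged


# Constructed inputs (assumptions, not syft output).
STANDALONE = {("redis", "redis")}  # assumed vendor/product of the Redis server
CANDIDATES = [
    "cpe:2.3:a:redis:redis:4.3.4:*:*:*:*:*:*:*",         # no target_sw
    "cpe:2.3:a:redis:redis:4.3.4:*:*:*:*:python:*:*",    # scoped to python
    "cpe:2.3:a:python-redis:redis:4.3.4:*:*:*:*:*:*:*",  # distinct vendor
]

if __name__ == "__main__":
    for cpe in shadowing_candidates(CANDIDATES, STANDALONE):
        print("shadows a standalone product:", cpe)
```
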