anthonyharrison

Results 164 comments of anthonyharrison

@terriko @Molkree pip version 22.3 is now issuing the following ` DEPRECATION: xxxx is being installed using the legacy 'setup.py install' method, because it does not have a 'pyproject.toml' and...

Just scanned the docker binary (version 20.10.3), a program written in Go. It just appears as a normal Linux binary with the inevitable link to Glibc :-) and found 94...

> So far this always seems to happen on the Linux python 3.7 run, but it may just be due to the order the jobs are picked up. I've never...

Terri Looks like I have started something that could be a step change in improving the detection capability of the tool. I agree it needs some more thinking and some...

Some progress on this to result in some improved product/vendor matching (I have just tried this with SBOMs for the time being to try out some ideas; there needs to...

@ffontaine Maybe the root/filename columns are misleading but the original aim was to try and identify the files within an archive where the vulnerable component was. The '-' was to...

@ffontaine @terriko I agree that the column headings are confusing as they represent different elements dependent on whether the 'root' is an archive or not. I have now done some...

@ffontaine I think these updates to the code in console.py will do what you need.

```
def validate_path_length(path_name, path_type):
    # If long pathname replace with a note
    if len(path_name) >...
```
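The comment above is cut off before the length threshold and the replacement text. As an added illustration (not the commenter's code and not what cve-bin-tool's console.py actually does), here is one complete form of such a helper: it keeps the head and tail of an over-long path so the file can still be located in the table, and appends a note naming which column (`path_type`, "root" or "filename") was shortened. The limit `MAX_PATH_LENGTH` and the sample paths are assumptions made for this example.

```python
# Assumed display limit; the threshold in the original comment is truncated on this page.
MAX_PATH_LENGTH = 60


def validate_path_length(path_name: str, path_type: str) -> str:
    """Return path_name unchanged if it fits in the column, otherwise an
    abbreviated form (head ... tail) followed by a note saying which column
    was shortened and how long the original value was."""
    if len(path_name) <= MAX_PATH_LENGTH:
        return path_name
    # Keep a third of the budget from each end so the archive root and the
    # innermost file name both remain visible to the reader.
    keep = MAX_PATH_LENGTH // 3
    head = path_name[:keep]
    tail = path_name[-keep:]
    return f"{head}...{tail} ({path_type} truncated, {len(path_name)} chars)"


def format_row(root: str, filename: str) -> tuple[str, str]:
    """Apply the length check to both path columns of one result row."""
    return (
        validate_path_length(root, "root"),
        validate_path_length(filename, "filename"),
    )


if __name__ == "__main__":
    # Constructed sample: a short system path and an over-long path inside an archive.
    short_path = "/usr/lib/libssl.so.1.1"
    long_path = "/" + "a" * 100 + "/libssl.so"
    for col in format_row(long_path, short_path):
        print(col)
```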

@terriko Looks an interesting addition to the SBOM support. The current SBOM support for cve-bin-tool is aligned with the formats described in the recommendations from [NTIA](https://www.ntia.doc.gov/files/ntia/publications/sbom_minimum_elements_report.pdf). CoSWID looks like an...

@terriko The standard seems to be still evolving with the [latest draft](https://datatracker.ietf.org/doc/draft-ietf-sacm-coswid/) (version 22) being released in September 2022. It is clearly not stable as the current draft will expire...