Christian Hopf

thanks @elntagka for your quick response, but it still doesn't work: - I've started the database and the "clair-local-scan" image as described. - I built the image for the scanner...

I've got it partially working now. There are images where this message still occurs, and others were the vulnerabilities are listed correctly. This weird behavior seems to be there since...

Are there plans to add a generic `extra-materials` parameter to include other workflows or something else into the provenance? The [philips-labs/slsa-provenance-action](https://github.com/philips-labs/slsa-provenance-action) has this feature and it is very useful to...

The generator adds the repo and digest of the repository the action runs in (the place where the reusable action is called). That's totally fine, but in addition, I use...

Thanks for your detailed explanation @ianlewis. > If I understand correctly you have a workflow A that calls workflow B and possibly C, D etc. and you want to capture...

That's exactly what I'm looking for. Thanks @laurentsimon. :+1:

Hi @muellerst-hg, thanks for your request. Sure, the Dependency Track integration can be extended with the pod-labels as you specified. What do you mean with "custom mapping"? Can you give...

I got it, you want to control which pod-labels should be mapped to Dependency Track.

fyi, I'm currently working on this.

@outofcoffee Do you still work on this?