Chapman Pendery
**What would you like to be added**: I'd like to have a method of observing any vulnerabilities that have occurred for a package's past versions **Why is this needed**: I'd...
Another thing which might potentially be useful (and should probably be configurable on individual ecosystem matcher level) could be if we find an NVD match and that CVE has a...
**What would you like to be added**: I'd like the data sources of grype to be at least inclusive of the ecosystems in osv.dev. I'm happy to contribute support for...
**What happened**: Grype is shadowing the Redis database's vulnerabilities over the pypi redis package **What you expected to happen**: No vulnerabilities should be reported since the package isn't vulnerable. **How...
## 📝 Description Not a great solution, but it at least removes these false flagging events and matches the current practices of manual vendor/product additions by adding support for manual...
## 📝 Description Adds support for parsing `rebar.lock` and `mix.lock` files to add cataloguing support for Elixir & Erlang projects that use the Hex package manager. Placed under the `beam`...
**What would you like to be added**: I'd like to have my Erlang/Elixir projects where I used Hex be able to produce SBOMs **Why is this needed**: Erlang and Elixir...
**What happened**: Syft generates CPEs for python redis that shadow the real Redis CPEs **What you expected to happen**: This shouldn't happen as that leads to false flagging **How to...
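The shadowing described in the two redis reports above, as an added illustration (this is not Syft or Grype code): a CPE guessed from the PyPI package name `redis` ends up with the same vendor/product pair as the Redis server, so an advisory written against the server matches the Python client. The vendor-candidate rule, the `EXCLUSIONS` table and the server advisory record are all constructed assumptions for this example; the exclusion table is one hypothetical way to drop a colliding candidate before matching, not the project's implementation.

```python
"""Added example (not Syft or Grype code): how a CPE guessed from the PyPI
"redis" package shadows the Redis server's CPE, and how a per-ecosystem
exclusion table removes the colliding candidate before matching.
The advisory record and the exclusion table are constructed for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Package:
    name: str
    version: str
    ecosystem: str   # e.g. "python"; used as the CPE target_sw attribute


@dataclass(frozen=True)
class Cpe:
    vendor: str
    product: str
    version: str
    target_sw: str


def parse_cpe23(s: str) -> Cpe:
    """Parse a CPE 2.3 formatted string (13 colon-separated fields)."""
    f = s.split(":")
    if len(f) != 13 or f[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 formatted string: {s}")
    return Cpe(vendor=f[3], product=f[4], version=f[5], target_sw=f[10])


def candidate_cpes(pkg: Package) -> list[str]:
    """Guess CPEs from the package name alone, the way a cataloguer does when
    no curated mapping exists. The vendor candidates here are assumptions."""
    vendors = [pkg.name, f"{pkg.name}_project"]
    return [f"cpe:2.3:a:{v}:{pkg.name}:{pkg.version}:*:*:*:*:{pkg.ecosystem}:*:*"
            for v in vendors]


# Hypothetical exclusion table: (vendor, product) pairs that name a different
# piece of software than the package of the same name in this ecosystem.
EXCLUSIONS = {"python": {("redis", "redis")}}


def filter_shadowed(cpes: list[str], pkg: Package, exclusions=EXCLUSIONS) -> list[str]:
    """Drop candidates whose vendor/product pair is excluded for this ecosystem."""
    drop = exclusions.get(pkg.ecosystem, set())
    kept = []
    for c in cpes:
        parsed = parse_cpe23(c)
        if (parsed.vendor, parsed.product) not in drop:
            kept.append(c)
    return kept


def _vtuple(v: str) -> tuple[int, ...]:
    return tuple(int(x) for x in v.split("."))


def _attr_match(a: str, b: str) -> bool:
    # CPE "*" (ANY) matches anything on either side.
    return a == "*" or b == "*" or a == b


def is_affected(advisory_cpe: str, fixed_in: str, pkg_cpe: str) -> bool:
    """Wildcard-aware vendor/product/target_sw comparison, then a version check."""
    adv, pkg = parse_cpe23(advisory_cpe), parse_cpe23(pkg_cpe)
    if not all(_attr_match(getattr(adv, a), getattr(pkg, a))
               for a in ("vendor", "product", "target_sw")):
        return False
    return _vtuple(pkg.version) < _vtuple(fixed_in)


# Constructed advisory for the Redis *server*. Advisory CPEs for it carry
# target_sw "*", so the python qualifier on the client CPE alone does not
# prevent the match; only dropping the colliding candidate does.
SERVER_ADVISORY = ("cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "6.2.0")


def scan(pkg: Package, exclusions=EXCLUSIONS) -> tuple[bool, bool]:
    """Return (affected_without_filter, affected_with_filter) for the package."""
    adv_cpe, fixed = SERVER_ADVISORY
    raw = candidate_cpes(pkg)
    kept = filter_shadowed(raw, pkg, exclusions)
    return (any(is_affected(adv_cpe, fixed, c) for c in raw),
            any(is_affected(adv_cpe, fixed, c) for c in kept))


if __name__ == "__main__":
    # The unfiltered candidate set matches the server advisory (the false
    # positive from the reports); the filtered set does not.
    print(scan(Package("redis", "4.5.0", "python")))  # (True, False)
```

The target_sw attribute is kept on the generated CPE because it is the right place to record the ecosystem, but as the `SERVER_ADVISORY` comment notes it cannot by itself stop the match when the advisory side is wildcarded, which is why a name-level exclusion is also needed.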
## Description Follow up to the previous PR addressing all the feedback given. Adds `asort` to the supported hooks list Previous https://github.com/pre-commit/pre-commit.com/pull/677
## 📝 Description This adds a language qualifier to the purls for package managers where the packages can be written in multiple different source codes in order to allow for...