fahed dorgaa
### What is the problem you're trying to solve Building oci images that depend on each other is a pain. Right now in nerdctl, you have to manually figure out...
### Discussed in https://github.com/containerd/nerdctl/discussions/1570 Originally posted by **qi0523** November 30, 2022 How to break down pull latency and unpack latency when using `nerdctl pull` ? [more details ](https://github.com/containerd/nerdctl/discussions/1570#discussioncomment-4328900)
### Description Currently, the logs generated by `nerdctl internal oci-hook ` are not displayed in the containerd logs. This appears to be because the ocihook command runs in a separate...
use an absolute `build path` otherwise fallback to `workingDir`
Hello, First, I would like to thank you for creating `VulnWhisperer`. It is a great initiative, and I found it very inspiring while researching solutions for vulnerability prioritization. I noticed...
### Current Behavior Currently, `Dependency-Track` only considers the [analysis](https://cyclonedx.org/docs/1.6/json/#vulnerabilities_items_analysis) section when importing CycloneDX VEX documents, ignoring ratings scores provided in [vulnerabilities[].ratings[]](https://cyclonedx.org/docs/1.6/json/#vulnerabilities_items_ratings). This prevents organizations from sharing evolving ratings and scores...
### Describe the feature Many CycloneDX VEX consumers (e.g `Dependency-Track`, `Trivy`..) consider only `analysis.state` (e.g., `not_affected`, `exploitable`, `resolved`) and ignore `vulnerabilities[].ratings[]` (e.g., CVSS, OWASP Risk Rating). Ratings carry essential exploitability...
I am translating @stevespringett 's [feedback](https://github.com/CycloneDX/specification/issues/719#issuecomment-3528968238) on the CycloneDX VEX specification into the code. > Should ratings be normative inputs for prioritization in VEX consumers? _Yes, they should be. It...
Currently, using the `gvisor-tap-vsock` port driver adds a userspace TCP proxy, which reduces throughput from `~6.5 Gbit/s` to `~4.0 Gbit/s` due to extra copies and wakeups. It seems possible to...