Alex Goodman
We could add a `--severity` flag, or we could do something more generic and extensible such as:
```
grype --filter
grype --filter 'severity=high'
grype --filter 'severity>=high'
```
This would allow...
I want to revisit this statement for a bit:

> SPDX 2.2 relationships are used to describe what will be added to the artifact package in terms of new relationship...

Team consensus from our weekly gardening meeting is to not tackle https://github.com/anchore/syft/issues/572#issuecomment-1932781666, meaning we will only have DEPENDENCY_OF. Note: this means that if something is a dev, build, or...
I think we've taken this stance, but maybe not universally so. As written this is a little too broad to be actionable.
no delay felt on my end, thanks for the update 😎 ! (also, we recently open sourced [anchore/quill](https://github.com/anchore/quill) which is using `go-macho` for the `describe` command... this lib saved us...
These were left out when making keybindings configurable; we can put this in the next release. Once it's in, you'd have to override the arrow keybindings in a local dive...
Implemented in https://github.com/wagoodman/dive/pull/399
@sschuberth and @mark2185 pointed out a regression of this functionality https://github.com/wagoodman/dive/pull/399#issuecomment-1624891352
Existing results:
```bash
$ grype ghcr.io/anchore/test-images/vex-oci-attach@sha256:8b95adbdf01ad43043ea9b63d6ac56abbe0e81b67fe40a27c39b6b83488f70ce b83488f70ce
NAME       INSTALLED        FIXED-IN  TYPE  VULNERABILITY   SEVERITY
coreutils  9.4-3ubuntu6               deb   CVE-2016-2781   Low
gpgv       2.4.4-2ubuntu17            deb   CVE-2022-3219   Low
libc-bin   2.39-0ubuntu8.2            deb   CVE-2016-20013  Negligible
libc6      2.39-0ubuntu8.2...
```
I've made a few changes:
- updated the vex processor interface to not require `any` types in signatures. I see the reason for it: so we can support more than...