Alex Goodman
I tried using syft within fedora core 40 to scan itself and was able to get a listing of installed RPMs that are in `/usr/share/rpm/rpmdb.sqlite` (I'm speaking relative to syft...
I ran into the same issue; an initial look shows that there is some processing missing when passing a raw image reference:

```
vexctl attest --attach --sign vex.json ghcr.io/wagoodman/test-ctr-images/alpine@sha256:d98f53941d04a2c76b454064c27dd9ffc30cdb07c34001f45015752bdf1e4ecb
```
...
> Creating an array of match types seems confusing...

Yeah, the JQ expression above was really a summarization of the effect. The goal isn't to create an array of match...
When we make a match we try not to drop it unless we're sure it's wrong or the user has an ignore rule for it -- neither really applies in...