John M. Horan
In connection with work on a [VulnerableCode issue](https://github.com/nexB/vulnerablecode/issues/1228) involving affected vs. fixed package versions, I realized that we need to identify and compare the respective major versions of a...
See also https://github.com/nexB/vulnerablecode/issues/1022.
[@mjherzog comment] A significant subset of the Added/Removed files in a DeltaCode comparison are likely due to a version change for the same component. This will be complex to solve...
I recently ran DeltaCode on two ScanCode scans of the same codebase (which happened to be `e2fsprogs-1.44.2`). Both scans were run with ScanCode v2.9.2 -- the difference: * One scan...
Once our new/updated support for `cocoapods` and `pypi` has been added to `packageurl.contrib.purl2url` (https://github.com/package-url/packageurl-python/issues/143) and `fetchcode.package` (https://github.com/nexB/fetchcode/issues/116), we'll need to update the PURL CLI tools `urls` command to reflect and...
Working on the `metadata`, `urls` and `versions` PURL CLI commands (see https://github.com/nexB/purldb/issues/247), - I occasionally get errors when trying to validate a PURL -- often a `pkg:deb/debian/2ping` (or similar deb/debian)...
We need to consolidate the `Fixed by packages` tab and the `Affected packages` tab in the `Vulnerability details` page into a single tab with a table in which the rows...
While working on the SUSE Oval importer, I've been exploring the Debian and Ubuntu OVAL importers and noticed that in one set of test files, we are reporting `potrace` as...
Working on the PURLdb RTD, I noticed a variety of ways we refer to the names of services, functions and other concepts in our documentation. See my [purldb comment](https://github.com/nexB/purldb/pull/450#discussion_r1622877163) for...
- Also replaced PURL normalization option with default deduplication. Reference: https://github.com/nexB/purldb/issues/365