Jonas Xavier

Results 19 comments of Jonas Xavier

It would be great to have it tested/verified in a CI box running macOS, or maybe Linux since Homebrew supports Linux

Side note, @jspeed-meyers we released an _experimental_ conversion feature in the latest syft, where you can convert from SPDX-json to tag-value by:

```
syft convert chronicle-sbom.spdx.json -o spdx-tag-value
```

As pointed out by the author of https://github.com/paketo-buildpacks/go-build/issues/302, this issue affects binaries compiled by a Go compiler version < 1.18. I agree that a reasonable default should exist for compatibility...

Great issue. Adding an item to the list:

* Document the manual publishing step.

From refinement. Possible approaches:

* It's better to release maybe broken release notes, than have brew be broken while waiting for release to go from draft to published, we can...

Possibly helpful: https://github.com/sad0p/go-readelf

From [OSS meeting](https://docs.google.com/document/d/1ZtSAa6fj2a6KRWviTn3WoJm09edvrNUp4Iz_dOjjyY8/edit#):

> We should consider when to catalog these based on the source being scanned (maybe images and dir only? Maybe not individual files?)

@ken-chou-finn thanks for your work on this PR. On @JAORMX's [latest question](https://github.com/anchore/scan-action/pull/135#issuecomment-1108772134): grype currently prints the table and then errors out, like in the example below: ``` $ grype ubuntu:20.04...

The problem I had running ores dev_server was:

> Traceback (most recent call last):
> File "/home/jonas/projects/sandbox/ores-test/3.4/bin/ores", line 11, in
> sys.exit(main())
> File "/home/jonas/projects/sandbox/ores-test/3.4/lib/python3.5/site-packages/ores/ores.py", line 54, in main
> module.main(sys.argv[2:])
> File "/home/jonas/projects/sandbox/ores-test/3.4/lib/python3.5/site-packages/ores/utilities/dev_server.py", line...

Current scan results for this jar:

```
grype log4j-over-slf4j-1.7.36.jar
NAME              INSTALLED  FIXED-IN  TYPE          VULNERABILITY   SEVERITY
log4j-over-slf4j  1.7.36               java-archive  CVE-2020-9493   Critical
log4j-over-slf4j  1.7.36               java-archive  CVE-2022-23307  High
```

CPEs to trigger a...