Josh Bressers
Josh Bressers
This changes the entire flow of the contributing guide. Please consider this a first draft (it still needs more details). I tried to put the guide into a logical order...
I know an issue isn't the best spot for this request, so apologies in advance. I would love to use this mod, before I see about getting my own PCBs...
I just noticed if I have two different severities for the same identifier, I can't note this in a sensible manner. For example Let's say ID-1 affects two Linux distributions...
Today the data Grype uses for matching is sourced from upstream sources. If we want to modify any of this metadata, we have to submit those changes to the upstream...
OpenJDK version 8 CPEs tend to have very odd version identifiers, Grype does not appear to be doing the right thing (I'm not entirely sure what the right thing is)....
The CPEs that Syft emits for the binary version of OpenJDK versions appear to be incorrect. For our example of JDK 8 we will use the eclipse-temurin:8u392-b08-jdk image (the openjdk:8...
The project that seems to have birthed this one has an MIT license https://github.com/miguelgrinberg/flask-video-streaming/blob/v1/LICENSE Any chance you add an MIT license file to this to clear up any licensing questions?
It looks like if a repo has an advisory that was not marked to enter the global database, and that advisory is assigned a CVE ID, the CVE ID in...
As best as I can tell, most of the current Java packages cover Maven Central and not other maven repositories For example the Atlassian maven repo https://packages.atlassian.com/content/repositories/atlassian-public/com/atlassian/ contains confluence Java...
This PR was automatically created by Snyk using the credentials of a real user.Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of...