John Speed Meyers
**What happened**: I was trying to convert the JSON format of the v0.3.0 SBOM to the tag-value format. The tool I was using reported multiple non-unique SPDXID package IDs and...
> AFAIK yes, Docker is needed if you are using the scripts at hack/ to run the dev env, but if you are on Alpine you can probably run it...
Closes #259 Is this helpful? If not, should there be something else? Or should I simply close this issue and PR?
**Describe the bug** The HTML report for PyPI package faiss needs a bit more explanation. When there are no detections, it is probably worth providing the user a bit more...
Hi @RootLUG, One thing that could be helpful is to place a numeric count of each indicator severity level by the filter buttons in the HTML output. It would be...
@RootLUG, I'm sure you've thought of this and it would probably be a pain. But I find myself clicking on the indicators in the HTML view hoping that I get...
The current implementation of `create_list_without_duplicates` includes a relatively expensive check of whether an element is in a list. https://github.com/spdx/tools-python/blob/8050fd9c41a92c75ec2ba9eb10ed9a919c375fa9/src/spdx_tools/spdx/document_utils.py#L51-L57 Using a set to keep track of unique elements will speed...
To help an AuraBorealis user understand to which package version the scan results pertain, add a means within the GUI to understand the package version for each package name displayed.
There are different chunks of code that do autocomplete; each chunk does its own version. It would be better if there was one and only one chunk of code...
As requested by Bob G, add a recommender capability to provide similar packages to a user. There is a lot to be determined about such a feature, but this could...