Kai Oberbeckmann
Maybe jq also needs to be added to dependencies?
Hello Andre, I face the same issue that Debian package versions are not compared correctly. So thanks for taking on this issue. I tested the branch in a local DT...
Very interesting. Thanks for explaining. I hope I get it right that for [UBUNTU-CVE-2019-9923](https://osv.dev/vulnerability/UBUNTU-CVE-2019-9923) (tar, 1.30+dfsg-7ubuntu0.20.04.4) a vulnerability is reported because the version `1.30+dfsg-7ubuntu0.20.04.4` is in the range of `0`...
I'm facing the same issues. When I upload the following SBOM to DT, it reports ~200 vulnerabilities. For `Ubuntu:Pro:20.04:LTS` and `Ubuntu:20.04:LTS` there are only 7 open vulnerabilities for `tar`, `openssl`...
I'm wondering if reading the ecosystem from the version is the best approach, because it only solves the problem for some of the packages. Not all packages include information about...
I agree that this would be a great place to put the ecosystem information. But we would need to map the distro value to the name used in OSV database,...
+1 with the same Vagrant version