Dan Luhring

icon indicating a website link https://hachyderm.io/@luhring

icon company @chainguard-dev icon location Alexandria, VA icon location Staff Software Engineer @chainguard-dev

Results 169 comments of Dan Luhring
trafficstars

No FIXED-IN values for CVE findings

This CPE data says that version 8 is vulnerable, so I wouldn't think we'd want logic that suggests that version 8 is a fixed version here, regardless. You're definitely right...

Package duplicated by different cataloger

cc: @wagoodman

Add support for dependency relationships for alpine (apk)

This one should not have been squashed 😄

Top-level API should be more composable

Adding two cents as I've just looked again at using Syft as a lib with "fresh eyes" 😄 . I like the idea of `sbom, err := syft.CreateSBOM(src, cfg)` that...

Support cataloging NuGet packages

Looks related to the problem @plaisted points out: #1799

Allow output of Syft JSON format in multiple schema version

cc @kzantow

Feature request: Creating overarching interface for all ui component models

I ran into this, too... I'm curious, why don't Bubbles implement `tea.Model`? In my case, I'm working on an app that asks different kinds of questions, and uses different components...

Fails to parse go stdlib version when experiments are set

Just adding an explicit note that this causes **false negatives**, too. The Go stdlib usually accounts for a large surface area in vuln-matching a Go binary, so situations where Grype...

sign SBOMs through cosign tool right after generated it through bom tool

Great idea! I just added [thoughts](https://github.com/anchore/syft/issues/510#issuecomment-939523521) to anchore/syft#510 for what our first iteration could look like, and I'm curious what choices folks think would make sense here in the `bom`...

False positives caused by mishandling CPE configuration logical operators

@westonsteimel curious if you have any thoughts here 😃