Dan Luhring
Hey! Here's how I would suggest thinking about this: First, I think "what's best today" might differ from "what's best down the road". Especially for the Wolfi part of your...
Hey @willmurphyscode! I think my previous comment is still correct. And I just replied on #1318. Also happy to set up a time to chat, on this and other related...
> can we accurately craft a CPE for all APKs in the alpine ecosystem for matching against NVD? If the bar being set here is "all", my guess is you...
Super late response! 🤦 Yes I think this is looking good!
Hi @tgerla, I just tested with Grype v0.62.2, and I don't think this has been fully implemented yet. #1266 incorporates Syft-format IDs into Grype's own JSON format, which is useful...
**Notes from @wagoodman:** > I think the most expensive part in curation is the downloading of the new DB (unavoidable) and the hashing of the DB on startup (which by default...
Interesting... I looked at the attached SBOM, and it looks like the JSON data is preceded by a two-byte [byte order mark](https://en.wikipedia.org/wiki/Byte_order_mark) (`0xFFFE`). This might be something we need to...
@jijames This is fascinating, thanks for the thorough investigation! So if I'm understanding the request here, it's that Grype be able to read SBOM files encoded as UTF-16LE?
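The byte-order-mark problem in the two comments above, as an added Go example that is not Grype's or Syft's own code: it sniffs a UTF-8, UTF-16LE or UTF-16BE BOM at the start of a document, transcodes the payload to UTF-8 using only the standard library, and only then hands the bytes to `encoding/json`. The CycloneDX-style header fields, the sample document and the function names are assumptions made for the demo, not Grype types.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"unicode/utf16"
)

// decodeBOM inspects the first bytes of a document for a byte order mark,
// strips it, and returns the payload as UTF-8 plus the encoding that was
// detected ("utf-8", "utf-16le", "utf-16be" or "none"). Input with no BOM
// is returned unchanged, which is what a plain UTF-8 SBOM looks like.
func decodeBOM(raw []byte) ([]byte, string, error) {
	switch {
	case bytes.HasPrefix(raw, []byte{0xEF, 0xBB, 0xBF}):
		return raw[3:], "utf-8", nil
	case bytes.HasPrefix(raw, []byte{0xFF, 0xFE}): // U+FEFF written little-endian
		return utf16ToUTF8(raw[2:], false)
	case bytes.HasPrefix(raw, []byte{0xFE, 0xFF}): // U+FEFF written big-endian
		return utf16ToUTF8(raw[2:], true)
	default:
		return raw, "none", nil
	}
}

// utf16ToUTF8 reassembles 16-bit code units in the given byte order and
// decodes them (surrogate pairs included) with unicode/utf16.
func utf16ToUTF8(b []byte, bigEndian bool) ([]byte, string, error) {
	if len(b)%2 != 0 {
		return nil, "", errors.New("utf-16 payload has an odd number of bytes")
	}
	units := make([]uint16, 0, len(b)/2)
	for i := 0; i < len(b); i += 2 {
		if bigEndian {
			units = append(units, uint16(b[i])<<8|uint16(b[i+1]))
		} else {
			units = append(units, uint16(b[i+1])<<8|uint16(b[i]))
		}
	}
	enc := "utf-16le"
	if bigEndian {
		enc = "utf-16be"
	}
	return []byte(string(utf16.Decode(units))), enc, nil
}

// sbomHeader holds the two CycloneDX-style fields this demo reads; the
// field names are an assumption for the example, not a Grype type.
type sbomHeader struct {
	BOMFormat   string `json:"bomFormat"`
	SpecVersion string `json:"specVersion"`
}

// parseSBOM is the BOM-aware reader: normalise the encoding first, then
// hand clean UTF-8 to encoding/json, which rejects a BOM of either kind
// as an invalid character before the opening brace.
func parseSBOM(raw []byte) (sbomHeader, string, error) {
	var h sbomHeader
	payload, enc, err := decodeBOM(raw)
	if err != nil {
		return h, enc, err
	}
	if err := json.Unmarshal(payload, &h); err != nil {
		return h, enc, fmt.Errorf("decode %s payload: %w", enc, err)
	}
	return h, enc, nil
}

// encodeUTF16LE builds a UTF-16LE document with a leading BOM, i.e. the
// shape of the attachment described above (constructed test input).
func encodeUTF16LE(s string) []byte {
	out := []byte{0xFF, 0xFE}
	for _, u := range utf16.Encode([]rune(s)) {
		out = append(out, byte(u), byte(u>>8))
	}
	return out
}

func main() {
	// Constructed sample: a minimal CycloneDX-style header saved as UTF-16LE.
	doc := `{"bomFormat":"CycloneDX","specVersion":"1.4"}`
	raw := encodeUTF16LE(doc)
	fmt.Printf("first bytes: % x\n", raw[:4])

	var naive map[string]interface{}
	fmt.Println("naive json.Unmarshal:", json.Unmarshal(raw, &naive))

	h, enc, err := parseSBOM(raw)
	fmt.Printf("BOM-aware: %+v encoding=%s err=%v\n", h, enc, err)
}
```

The sniffing only covers documents that actually carry a BOM; a UTF-16 file written without one would still fail in `json.Unmarshal`, and handling that would need a heuristic (for example, NUL bytes in every second position of the first few bytes) that is deliberately left out here. Note also that `0xFF 0xFE` on disk is the single code point U+FEFF stored little-endian, so the reader must consume both bytes before looking for the opening brace.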
This looks so cool!!!!! I see that conflicts have emerged over time, and I opened https://github.com/ko-build/ko/pull/1320 to see if we can get this across the finish line 🏁
This sounds cool! I think it'd be possible to produce OSV data from our advisory data. I think it's something worth considering at some point in the near future. For...