Dan Luhring

Results 169 comments of Dan Luhring

@jbergstroem I don't have context for Clair in particular, but this might help a little: [This section](https://github.com/chainguard-dev/vulnerability-scanner-support/blob/main/docs/scanning_implementation.md#step-1-detecting-the-distro) explains how scanners should identify the Wolfi/Chainguard distros. Definitely take a look at...

>One "problem" I have with package url is that it feels not naturally

I have a thought along the same lines. I think supporting purl might not be a bad...

>When a policy is updated (cosign policy edit or something), the new policy should include a pointer to the previous policy's digest -- "previousRoot": "sha256:digest" -- which verifiers can lookup...

Just getting back from parental leave, but let me know if I can help with anything!

Hey @joshbressers, I'm curious to learn more... I'm seeing an issue with scans of jruby as well, and I'm curious if my issue is related to this one. In my...

Great, thanks @cdupuis! Ping me if I can help, too. 😃

Thanks @cdupuis and @justincormack! With the recent changes, I think we're in a much better state. I'll reach back out if I see anything else come up 🙇

After looking at more test cases, it looks like this isn't entirely fixed yet. 😞 Specifically, if Chainguard Images are being used as base images to build other images, Scout...

Hi @Spenhouet — thanks for the issue! This is definitely something for us to take a look at. The root factor here is that the VS Code extension leverages [grype](https://github.com/anchore/grype),...

Issue to track Windows support in Grype itself: anchore/grype#447