Dan Luhring
Good find... I see that Syft is generating a few CPEs that "refer to" Kubernetes _directly_, via its current generation method:
```json
"cpes": [
  "cpe:2.3:a:hazelcast-kubernetes:hazelcast-kubernetes:1.5.4:*:*:*:*:*:*:*",
  "cpe:2.3:a:hazelcast-kubernetes:hazelcast_kubernetes:1.5.4:*:*:*:*:*:*:*",
  "cpe:2.3:a:hazelcast_kubernetes:hazelcast-kubernetes:1.5.4:*:*:*:*:*:*:*",
  "cpe:2.3:a:hazelcast_kubernetes:hazelcast_kubernetes:1.5.4:*:*:*:*:*:*:*",
  "cpe:2.3:a:hazelcast-kubernetes:kubernetes:1.5.4:*:*:*:*:*:*:*",
  "cpe:2.3:a:hazelcast_kubernetes:kubernetes:1.5.4:*:*:*:*:*:*:*",
  ...
```
Hi @karthickm512, thanks for the issue! I'm not very familiar with Akka. I see there are several variants of Akka published currently. I tried scanning this JAR, but I don't...
Hi @karthickm512, thanks for the Grype output excerpt. I'd like to be able to reproduce this scan result. Do you have a container image I could use to do a...
Thanks for the report, @kenlavbah! Do you have an image URL or Dockerfile handy we can use to reproduce this? Also, this might not resolve the issue, but there have...
@kenlavbah Thanks! I was able to reproduce this. And I think you're right about the link to #496. Thanks again for the report!
Thanks @TheDiveO! Keep 'em coming.
> > And another one, where the CVE origins can't get their act correctly and make another mess: a match of `CVE-2015-5237` on google.golang.org/protobuf ... which actually is the golang...
Hey @sprt, this sounds cool! This is certainly something we're open to. Our main considerations are that the colors are **a)** helpful (like you mention) and **b)** easily readable, even...
👍 I like this idea!
Hi @leonardsaraujo, from my initial reading of https://nvd.nist.gov/vuln/detail/CVE-2016-5425, it looks like the CVE record does indicate that this software is vulnerable, which would mean that Grype is surfacing this match...