Nathanael Burton

Java false positives - netty-reactive-streams, maven-resolver-api, etc

11

**What happened**: Various java third-party libraries are incorrectly mapped and compared to the underlying framework/ecosystem. `netty-reactive-streams` is mapped to `netty` and `maven-resolver-api` is mapped to `maven` CPEs even though they...

ignoredMatches dropped from results when using both by-cve and only-fixed config or CLI args

2

**What happened**: The `ignoredMatches[]` array that should be created when using `--only-fixed` or providing any custom ignore rules are dropped when also using `--by-cve`. **What you expected to happen**: The...

authorized_keys?

1

Should the default OPTIONS value also include 'no-pty' or is a pty necessary for what you're doing? mathrock

Cycle during symlink resolution prevents syft/grype scans from enumerating vulnerabilities

2

**What happened**: We recently came across an image where a user had accidentally created a symlink loop within their container image. This resulted in the image failing both syft and...