Matthew Lorimor
Matthew Lorimor
>This discussion is probably offtopic (a little bit), but the rustsec team should clearly apply to be a CNA and assign their own CVEs. I have no clue if they...
This is timely. I was just looking at a way to make it so that the Goss testing output wasn't simply piped to `stdout`. This improvement should allow me to...
Also, @FalcoSuessgott, Windows/Powershell has [`Tee-Object`](https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/tee-object?view=powershell-7.4).
@tylerjroach - Thanks! Out of curiosity, is this something an outsider to Amazon/AWS could have routed to the proper spot? I couldn't find anywhere that seemed like the centralized repo...
I'm assuming that there would be a potential problem when utilizing data from `explore.alas.aws.amazon.com` because Grype's entire trigger around building any vuln entry at all with respect to Amazon Linux...
Related: https://github.com/anchore/grype/issues/368
@willmurphyscode - Thanks for taking a peek! > the one we currently use, which is at Right; the ALAS feeds. I'm hoping this other data can be used wholesale to...
For posterity (and for my own sanity), I tested out the aforementioned `curl` CVE on current AL2 and AL2023 (they're the only ones running affected versions). Both have the functionality...
@willmurphyscode - Circling back to this. I just spot checked that [same](https://explore.alas.aws.amazon.com/CVE-2025-0167.html) `curl` CVE again. I'm not thrilled with what I see in `explore.alas.aws.amazon.com`. That "feed" doesn't show it as...
I bet they'd start caring about that data set if scanners started using it...