Steffen Müller (HG)

Results 8 comments of Steffen Müller (HG)

Maybe "custom mapping" isn't the right term.

```gherkin
Given I have the following labels:
  spec:
    template:
      metadata:
        labels:
          app=dependencytrack
          stage=live
          department=sales
          service=inventory
          pod-template-hash=12c5401afc
And I have selected "app" and...
```

With two labels "app=dependencytrack" and "app=nginx", some magic would be required to identify both by matching "app" left of the equals sign.

A user could provide a regex for matching labels like `SBOM_DTRACK_LABEL_TAG_MATCHER="^(?:app|stage)="`

Good to find this issue, which also affects me. It's a show stopper for me auditing container images based on Debian and Alpine. Even correctly detected versions result in false...

Ubuntu 22.04 with current ruby package (`ruby 1:3.0~exp1`) results in 32 open CVEs. However, all those CVEs have been fixed in 22.04. The leading `1:` in the version seems to...

GitHub provides deploy keys to authenticate non-human access at repository scope. https://docs.github.com/en/developers/overview/managing-deploy-keys#deploy-keys If your purpose is to push SBOMs to a single git repo, then deploy keys are the most...

Please ping me if you are interested in pull requests. I'd update the PR to resolve conflicts then.

Pitfalls:

- When using `MAILER_SMTP_URL` for transport configuration, keep in mind to escape/urlencode any value, especially usernames and passwords. Otherwise the underlying nodemailer might parse the URL incorrectly, using false...