Niklas

It sounds like DefectDojo takes a long time to respond. Have you checked the DefectDojo logs for any hints?

A BOM I generated yesterday had similar oddities, although I am failing to reproduce it now. I used the same cdxgen command as above, but it was run on the...

Ah, that makes sense. Ok so when I nuke the atom and slices files, the linked BOM is reproducible. Should I raise a separate issue for the erroneous occurrence assignments,...

Thanks @prabhu, appreciate the thorough response. > 1. Regarding Enums appearing in occurrence evidence for alpine-common. > > This is correct behaviour! Those enums and internal types are used in...

Thanks, can confirm the line numbers appear to be correct now! Also exclusion of the `generated-sources` directory has largely helped with incorrect assignment of Protobuf occurrences to `kafka-clients`. I am...

> You are asking for only one kind of usages. Perhaps, instead of dumbing down the research profile, we can simplify appsec profile to do what you are after? Not...

@ElenaStroebele What is the underlying requirement for this? I am a bit confused as to what this is supposed to achieve.

Then I'd prefer to close this. There could be similar situations for other fields and we can't add log fields for all of them. If there is a need for...

If I'm not mistaken this would require us to depend on the SDKs of *every single major cloud provider* because they all have some custom code to make their integrations...

What happens when you set the `http_proxy` and / or `https_proxy` env vars to `http://username:[email protected]` instead? From what I can see your config looks fine, although I don't think modifying...