Philippe Ombredanne
Philippe Ombredanne
Create a web UI to rank and prioritize package vulnerabilities in a global package catalog based on available vulnerability scores
When a package is in DejaCode and has been furthered scanned, or is in the purldb I would like to drill down aka. navigate to its scan details either in...
See: - https://github.com/SwiftPackageIndex/PackageList/blob/main/packages.json - https://swiftpackageindex.com - https://github.com/SwiftPackageIndex/SwiftPackageIndex-Server - https://github.com/nexB/scancode-toolkit/issues/2657
It would be useful to index all the container images, in particular base layer for popular images. This would speed up identification and enable matching from ScanCode.io
There is a strong base in these issues: - https://github.com/nexB/purldb/issues/373 - https://github.com/nexB/scancode.io/issues/1188 (and related sub issues)
I would like to analyze roughly 1000 source and binary packages with d2d pipeline to evaluate how it performs. Some packages to consider could include xz-utils/liblzma, Apache httrace, and a...
We have solid exact file matchers and some ongoing investigations for tree and approximate matching. We need these new code matchers to the PurlDB. These could be exposed as REST...
I would like to have this feature with this design (which needs refinement) - Call purlcli using a PURL as an input (typically a binary PURL) - This would call...
via @pabs3 https://aminet.net/ is an archive of Amiga software with many less common licenses like > If you use it in a commercially released program without my consent, well, >...
Given a PURL, this is about scanning code for virus with clamav. This will be exposed in the purldb - [ ] nexB/scancode.io#1182 - [ ] Enable calling ScanCode.io virus...