Christopher Angelo Phillips

Hey @scottaglia! Thanks for filing this. I'll take a look and see why this CVE has not made it into the DB yet and see if it updated today.

This is an excellent find @jonmcewen! Thanks for filing this issue. Because we do matching for the java ecosystem using cpe generation from syft we're showing our bias a bit...

Yep! Just validated this today and it looks like the PR fixed the underlying issue: Thanks again for the great contribution @jonmcewen!

Thanks @cnaude! We'll start investigating how to cycle this publishing point into our release process. If you know how or have a sample of code of your own things publishing...

Also can confirm we're picking this up given the above output. I'm going to close this issue. Feel free to reopen if there is an error still surrounding the detection...

Thanks for the bump on this issue @Turbots and thank you @ThomasVitale for filing the issue. I'm working on closing a PR for grype at the moment and then will...

@Turbots while we work on a fix that possibly lowers the severity of this vulnerability in the grype feed service you can specify matches you'd like to ignore via the...

We have a linked issue for this here and are tracking different internal ways we can start providing corrections for these FP. Grype recently added a new table into the...

@rmccarth thanks for filing an issue! When I run `grype -o json node:latest` I get a list of vulnerabilities in that image. Here is an example of one of those...

Ahh awesome! We don't have any plans in the immediacy on mapping these `layerID` back to a `Dockerfile`. PR are welcome if you have an idea for an improvement to...