Christopher Angelo Phillips

Results 362 comments of Christopher Angelo Phillips

Nice catch @cpendery - I guess this is another case of the CPE being too loosely formed since `pypi/redis` is distinct from redis/redis `cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*`. This is what I expect should...

@Pivotal-Jeff-Jun thanks for filing the issue - the first spot that stands out to include this is as part of the properties section for vulnerabilities https://cyclonedx.org/docs/1.4/json/#vulnerabilities_items_properties Have you seen other...

Thanks for the comment @usmankhanisb - looks like we need to get grype generating the latest version of cyclonedx as well as update it so it has parity with the...

Thanks @cpendery! I'm working on this today, but I really appreciate the offer.

Thanks for reporting the issue @xtreme-conor-nosal - I'll take a look and see if we can resolve this so that this is no longer being reported as a false positive.

Sure @fjammes! We're still trying to work out where we want to go with CPE generation so it's not such a moving target where we always see FPS. In the...

We can keep this under this bug, thanks for the follow-up!

@avermeer we're working on a solution to factor this out, however, you can also be sure that grype is not executing the vulnerable code on any of its paths and...

Thanks for the issue @kingjs10. I'm working on a few other issues at the moment, but I made sure to give this the correct false positive label so that we...