Christopher Angelo Phillips

Thanks @kaniini! We'll take a look here and see if we can add a bit more nuance to the APK cataloger and matcher.

@thediveo thanks again for filing this issue. We've done a ton of work recently regarding corrections in the data source as well as db corrections for npm and golang modules....

Ahh nice thanks @sparrowt. Commenting here so I can come back and add this documentation when I get a spare moment.

Hey @awoodsprim I was able to recreate this locally with the information you provided. I validated that `CVE-2021-43798` is in the grype database so I'll start digging into why this...

So digging into this a bit more I think I'm starting to understand the mismatch. Here are the current CPE that match for the vulnerability in the vulnerability database: Can...

Hi @andmagom! Thank you for raising this issue. It might take some time for us to investigate and get you a good in-depth answer on what's causing the delta here...

👋 @gmontalvoy thanks so much for filing the issue! I ran grype against the BCI image with one of our newer releases and see that it's picking up the packages...

Thanks for the issue @freedom-isnotanarchy! I'll go through our issues and see if we have individual issues already filed for these 3 requests. Also did you mean to include more...

@awca22 From the community meeting (8/4): We're going to move forward and start publishing a `grype:ci` with the prepackaged db. Look for that coming out in the next release cycle....

We no longer rely on docker being installed and have broken this off into its own block: https://github.com/anchore/syft/pull/1133