Christopher Angelo Phillips

Thanks for the report @lvets - I took a quick look and can't see why this is being dropped at the moment. I'll put needs investigation on this for now...

Ty for the bug report! It looks like we do account for this here: https://github.com/anchore/grype/blob/7a07e3d967e34724533c45f713fa5477ea96ed5c/grype/match/ignore.go#L30-L40 We need to investigate why the vex implementation is not getting wired over from the...

Thanks for the issue @zecke. I'm a little confused about this comment, how it relates to `govulncheck` and what we mean by `actual go packages` > I would have expected...

``` Summary Commit sha: [ad77979](https://github.com/anchore/grype/pull/2827/commits/ad77979841fc82071ee0b9c6b49ccf9ee6467f3a), Author: Mirza-Samad-Ahmed-Baig, Committer: Mirza-Samad-Ahmed-Baig; The sign-off is missing. ``` Looks like this still needs the DCO to be signed: ``` To add your Signed-off-by line...

@luissantosHCIT This one LGTM. I think I want the teams 🤝 on this one which is why I put `needs-discussion` on it. @kzantow is working on cross builds work right...

@spiffcs is running these locally on windows to validate in lieu of CI being setup for windows boxes at the moment. Will merge on confirmation of good vibes from the...

We reproduced this and found where in the code we could make improvements to upgrade this value from GPL to its SPDX expression of `GPL-2.0-or-later`. The current issue is that...

We do use the official list of SPDX ids. We've got an in memory map generated from the official SPDX list that is used in cases which translates common strings...

I added needs discussion to this so we could talk about adding the RefToPurl from build kit into syft and what it might look like on the next livestream

👋 thanks for filing the issue @wagner-robert - I think the reproduction steps are a little vague here. Can you help me out with the environment where you are experiencing...