Christopher Angelo Phillips
Christopher Angelo Phillips
@kzantow The explanation from @joycebrum LGTM. I think we can merge this and improve on some of the quick wins she highlighted in future smaller PR. WDYT?
👋 Thanks for the issue @xtreme-conor-nosal. Apologies for the wait here, but we're currently working on a way for vulnerability sources easier for community members to add. While we don't...
It might have to do with a poorly tuned `cpe` generated for the below `cve` `cpe:2.3:a:bitcoin:bitcoin:-:*:*:*:*:*:*:*` [CVE-2017-9230](https://nvd.nist.gov/vuln/detail/CVE-2017-9230) Rust bitcoin: ``` Library with support for de/serialization, parsing and executing on data-structures...
@emosbaugh! It looks like the related issue for this has been closed. Do you have any other info about this issue since it's been a year since it's been filed?...
Can reopen if there are more things you need here =)
@PapoyEdits thanks for the issue! Do you have an image we can use to reproduce the duplicates? I think there is some identifying information in the core syft data format...
👋 Thanks for filing the issue @vsoch. You are correct that random one-off binaries might not be listed if we don't have a cataloger for that specific package manager. A...
Just to get this on the main thread this PR is BLOCKED: https://github.com/npm/cli/issues/5532
Thanks @savujevi for the issue! Syft now has functionality where you can enable fetching metadata from upstream maven. Let me know if this fills out the PURL you're looking for...
Thanks for the issue @PapoyEdits! Apologies for the later response on this one. In short, this is a great issue and we're looking to get this functionality contributed under the...