Christopher Angelo Phillips

icon indicating a website link cphillips.io

icon company Anchore icon location Washington, DC icon location Golang - Rust - Neovim

Results 38 issues of Christopher Angelo Phillips

Integration Coverage for New Pacakges

**What would you like to be added**: We've had a lot of catalogers added for syft. We should do a quick scrub on the integration test side to make sure...

enhancement

When running syft with command line args for verbosity the command fails if the configuration is set

**What happened**: When running `syft -vv alpine:latest` an error will occur if the configuration file is also set for verbosity. **What you expected to happen**: No error for syft to...

bug
good first issue
community-meeting

Syft command restructure

8 comment

**What would you like to be added**: Currently syft's root and packages commands produce the same `package` specific output: `syft packages node:latest > /dev/null ` `syft node:latest > /dev/null` ![Screen...

enhancement
breaking change

Add ALPM Metadata to CYCLONEDX and SPDX output formats

1 comment

**What would you like to be added**: ALPM package parsing/identification has been added to Syft as of #943. The next step is getting the metadata for those packages output into...

enhancement

Attestation Fails using GHCR as upstream image registry

2 comment

**What happened**: Keyless Attestation fails when interacting with GHCR: https://github.com/anchore/syft/issues/835#issuecomment-1138946411 https://github.com/anchore/syft/issues/835#issuecomment-1139082543 **What you expected to happen**: When I use syft's keyless attestation feature with GHCR I expect a status code...

bug

fix: update alpine matchers to use SecDB entries as fixed information rather than vuln source

6 comment

## Summary The alpine matcher needs to be updated to behave a little differently from the other distro specific matchers. [Secdb](https://secdb.alpinelinux.org/) is a collection of records that denotes if a...

Follow up on 1094 - Windows Directory Resolver error for ALPMDB dir:. scan

**Please provide a set of steps on how to reproduce the issue**: See #1094: cataloging ALPM symlinks ends in an error condition on windows `syft/pkg/cataloger/alpm/parse_alpm_db.go:110`

bug
windows

CycloneDX License Encoding

1 comment

**What would you like to be added**: PR https://github.com/anchore/syft/pull/1743 changes how syft processes license encoding for the cycloneDX format. If syft finds "other licenses", licenses that are not a valid...

enhancement
question
format:cyclonedx
license

WIP: narrow golang match comparison for pseudo versions

1 comment

## Summary This PR attempts to narrow the golang_constraint `Satisfied` logic as a follow up to #1797 #1797 allows grype to proceed with matches when it encounters a package with...

Fix incorrect commit range

## Summary ## Short circuit iterator given a start references commit time so multiple previous commits for the start ref are not included in the iterator Fixes #74