Christopher Angelo Phillips

icon indicating a website link cphillips.io

icon company Anchore icon location Washington, DC icon location Golang - Rust - Neovim

Results 38 issues of Christopher Angelo Phillips

Commit range is including incorrect number of commits

**What happened**: Chronical is identifying the correct commit range to search: ``` [0000] TRACE searching commit range since=04a55885ee162ec00548ec39df68c5b62cf213b5 until=1d013affc27ff04c45411183443def13ca136088 ``` ``` ➜ grype git:(pipeline-parity) ✗ git rev-list --ancestry-path 04a5588..1d013a 1d013affc27ff04c45411183443def13ca136088...

bug

Recent incompatibility between two UI libraries

**What happened**: When going to update to the latest version of bubbletea I found the following error: ``` # github.com/erikgeiser/promptkit/textinput ../../go/pkg/mod/github.com/erikgeiser/[email protected]/textinput/model.go:102:8: input.BackgroundStyle undefined (type "github.com/charmbracelet/bubbles/textinput".Model has no field or method...

bug

Test: add quality gate for percentage of namespaces exercised by at least one test image

**What would you like to be added**: During the quality gate we want to check if results are being tested from > 70% of namespaces. Example: coverage of namespaces sampled...

enhancement

Test: assert namespaces populated before publishing a DB

1 comment

**What would you like to be added**: An integration test or self validation should be added to `grype-db` that checks if the database being published includes all known namespaces (or...

enhancement

feature: update default SBOM configuration to improve source detection for Golang code

Grant consumes syft as it's default SBOM generator when users don't bring their own bill of material. This issue is a placeholder to incorporate changes in syft where source analysis...

Golang
syft

feat: grant should be able to read it's own json output for `check` or `list` and provide a more complex interactive visualizer

### Placeholder for design on interactive report viewer

feat

feat: workflow commands that can patch and output an SBOM for declared vs concluded licenses

SPDX makes a distinction between declared and concluded packages. Declared: "List the licenses that have been declared by the authors of the package" Concluded: "Contain the license the SPDX document...

feat

feat: grant should have a `policy` command that aids users in constructing a baseline policy for their images or software

Some examples of this would be to generate a policy of exclusions from an image that is already known as compliant. Example: ``` grant policy --exclude image:base:latest ``` ^ This...

feat

feature: raise issue when package is labeled as X license, but source header shows Y

Grant has the ability to show the license declared for a package as surfaced by syft. Syft should also be able to communicate to consumers if a declared license is...

syft

feature: source content measured against true license text

Whenever possible grant should attempt to obtain the originally analyzed license text and compare it to the official OSI license text. This can surface any changes made by the software...

feat