Christopher Angelo Phillips
Grant consumes syft as its default SBOM generator when users don't bring their own bill of materials. Syft has an open issue which would enhance the scoping selections https://github.com/anchore/syft/issues/15. Completing...
**What happened**: When using syft from the tip of main for image `caphill4/syft-manifest-bug:latest` the following behavior was experienced: - Name field was blank for multiple discovered packages - Version field...
**What would you like to be added**: When syft runs a directory scan it should be able to intuit when it is in a git repository. This would then lead...
## Summary For the next version of Grant we'd like to see a `grant-db` that normalizes and merges the following datasets: - [OSI](https://opensource.org/license) - [GNU Operating System License List](https://www.gnu.org/licenses/license-list.en.html) -...
**What happened**: When I run `grype --fail-on medium node:latest` I should NOT see vulnerabilities in the table less than the value passed to `--fail-on` ``` grype --fail-on medium node:latest ✔...
**What happened**: Sometimes syft can encounter a dpkg license where the regular expression used to match on contents cannot correctly identify the license. In the following example we should find...
**What would you like to be added**: Syft should have a way to allow users to use a prereleased schema that does not follow the v1 stability rules. This schema...
**What would you like to be added**: A cataloger that is invoked on a directory scan for the Golang Ecosystem that discovers all `**/go.mod` files. The cataloger will use the...
**What would you like to be added**: The PNPM folks are pretty prolific and we'd like to support more versions of decoding dependencies from their lockfiles. The latest version v9.0...