Tim Gerla

Hey @tomerse-sg, thanks for the update. We'd like to talk in more detail about this feature at some point. We would need to do some design work to get this...

Hi @mirekphd, thanks for the suggestion. We will consider the idea. Are you running Grype directly against the container images in your pipeline? It might be possible for you to...

I'm going to go ahead and close this issue because I don't think we are planning on implementing this kind of caching in Grype, but please do let us know...

Hey @joshbressers, I just checked the NVD and it appears as though they have not corrected the "Up to" version info. Have you heard back from your request?

Hi @jonjohnsonjr, thank you for the report and sorry it's taken us a while to get back to you! We will put this in the backlog to look at as...

Hi @sabw8217, thanks for the report and sorry for the delay getting back to you. I've reproduced your result on our side and will discuss with the team. Thanks!

Hi @hibare, thank you for the suggestion! I think we would be open to this feature in the install script, especially if it were triggered by a command line flag....

> If Grype could check the current installed file is belong to patch rpm -, that would help not to report extra CVE, therefore, less false positive. Hi @sekveaja, if...

Hey @sekveaja, thanks for the updates. This helps a lot. Most of the behavior you're seeing is expected--differences between scans of the RPM itself and the directory of unpacked RPM...

Hi @navzen2000, thanks for the report. I am unable to reproduce this problem with the latest version of Grype: ``` tgerla@Timothys-MacBook-Pro-2 grype-1457 % grype okio-jvm-3.0.0.jar ✔ Vulnerability DB [no update...