Tim Gerla

Results: 211 comments by Tim Gerla

Hi @Tehsmash, thanks for the detailed analysis here. We'll take a look and figure out the best way forward here.

Thanks for the report, @richardkhardy. We are working on some improvements to the matching mechanisms that will help eliminate some of these false positives. Please stay tuned for this PR...

Thanks @jneate, we are discussing this. Would it make sense if we instead of removing the duplicate put a "(2)" indicator after the vulnerability ID, so that you could immediately...

Discussion for dev team: probably the easiest thing to do is refactor the model field names to match the JSON struct tags.

Hi @luhring, are you OK if we close this issue now that #1266 has been merged? Thanks!

If anyone has some experience with Windows and text encoding in Go, this might be a great first issue to work on!

Hi, we're going to go ahead and close this issue--we've discussed this and we wouldn't be able to extract enough useful data from an embedded Go binary to make any...

Hi @ariker, the python-package-cataloger actually looks for unpacked wheels and other Python packages, not for archives on the filesystem. The RPM file is picked up because we have a separate...

Hey @njv299, thanks for the report. For the first part, I think changing the glob as you suggest would be fine. Do you want to submit a pull request with...

Hi @atl-mk, thanks for the report! I tried quickly to reproduce on the same version of Syft:

```
mkdir syft-2611 && cd syft-2611
yarn && yarn add array-slice
SYFT_JAVASCRIPT_SEARCH_REMOTE_LICENSES=true syft...
```