Tim Gerla

Hi Naranthiran, as far as I can tell, your method of calling Syft is fine, and I don't see anything out of the ordinary in the generated SBOM. It does...

Hi @Noxsios, thanks for filing this issue. Could you tell us a bit more about how you are making use of Syft and Stereoscope in this environment? Are you calling...

Thanks @Noxsios, we're going to need to spend a little bit more time investigating this so we'll put it in our backlog.

Hi @markphelps, thanks for the suggestion! It would be great to have quill in homebrew. We'll add this to the backlog for the future, but if you're interested in tackling...

Hi @cfergeau, thanks for the report. We'll take a look as soon as we can.

@mykaul check out the golang section of the Syft configuration file: https://github.com/anchore/syft/wiki/configuration -- there are two settings, `search-local-mod-cache-licenses` and `search-remote-licenses` that can be enabled to retrieve license data.

Hi @msmeissn, thank you for the heads up. When will the .gz files stop being generated? It should be an easy enough change on our side but it would be...

Hey @luhring or other Chainguard folks, are you able to take a look at this? Thanks!

Thanks @westonsteimel, I thought maybe since Dan contributed the original provider he might want to make the fix. :)

Hi @wenoukiz, thanks for the question. At the moment, Syft has no catalogers that will report OS or hardware CPEs, so the SBOM won't match any vulnerabilities, and Grype only...