Tim Gerla

Hi @haiazuki, thanks for the report! Based on our read of the CycloneDX specification, those fields aren't required, so we don't include them. It's definitely something we will consider adding....

We have had some other requests for ways to add additional information to the SBOM documents. It would be nice to spend some time designing a generalized approach for this.

Hi @gobiltd, thanks for the report. I've taken a look and the reason why we don't analyze this jar file is because it has no META-INF/MANIFEST.MF, which is an important...

Hi @lokcio, thanks for the additional details. The reason Grype doesn't show any vulnerabilities is because we don't currently have a feed of vulnerability data for Fedora yet. We would...

Hi @lclc, thanks for the issue. We think this idea makes sense. There is a workaround that you could use to inject some arbitrary information into your Grype result right...

Here is a feature request for Syft related to this request: https://github.com/anchore/syft/issues/2898

Hi @Atharex, thanks for the report. I think we will need more information to help you troubleshoot this. This doesn't look like a network error reaching the Grype DB's servers....

Hi @sekveaja, thank you for all of these false positive reports, please keep them coming and sorry we haven't followed up yet. We are looking into them. Stay tuned!

Hey @sekveaja, thanks for your patience on these. I think we have figured out the root cause for a lot of these. We are currently only using a subset of...

Hi @Oh-Py-God, thank you for the request. We will put this in the backlog. Is this something you're interested in working on? We are happy to help get you started...