Tim Gerla

We're looking through some old issues and we're going to go ahead and close this issue. If anyone is having specific issues with Amazon Linux vulnerability matching please go ahead...

Hello, after upgrading to the latest Grype I can confirm that this false positive is no longer reported. (Please see https://anchore.com/blog/say-goodbye-to-false-positives/ for more details.)

Hi @guizmaii, thanks for letting us know. We understand the root cause of this problem and it's something we are working on fixing--I'll leave this open for tracking until we...

Hello all, we have made some recent changes to the way that Grype matches vulnerabilities. These Java-related false positives should all be fixed now. Please see this blog post for...

I will go ahead and close this issue because it should be fixed by our recent switch to the GHSA database for some vulnerability matches. Please see https://anchore.com/blog/say-goodbye-to-false-positives/ for more...

I'll go ahead and close this old issue but please feel free to re-open it or open a new one if it is still a problem!

Hi @HellBoss69, sorry for the long delay replying to this issue. When you run a Syft scan on a directory versus an image, a different set of catalogers are run...

I believe this is complete--please re-open if I'm wrong!

I will go ahead and close this issue because it should be fixed by our recent switch to the GHSA database for some vulnerability matches. Please see https://anchore.com/blog/say-goodbye-to-false-positives/ for more...

This class of problems should be fixed now that we have adjusted our vulnerability matching method as described here: https://anchore.com/blog/say-goodbye-to-false-positives/ -- I'll go ahead and close this issue but please...