tomerse-sg

icon indicating an email [email protected]

Results 14 comments of tomerse-sg

Add ability to see the first location a package was added

do you have an eta for this addition? can be helpful

Provide a way to get the LayerID the package was first found in

what is the status of this request? can be very useful :)

Enhance scoping selections

can be a very useful feature!

Add line numbers when reporting artifact locations

can be a nice feature for integrations like Github and helping developers to fix some issues.

Add a "severity" criterion to ignore rules

could be useful!

Add info subcommand in order to query grype db vulnerabilities

Hi @willmurphyscode , Thanks for the answer. I would like to query a specific CVE \ GHSA and get a list of all vulnerable packages without context of a specific...

grype should report vulns in GitHub Actions

why? seems the vulnerabilities in the GHSA DB has versions and not SHA (only 11 vulnerabilities in this kind of ecosystem). however, does syft has a github action parser? @westonsteimel

Using the information from cisa in grype

is it possible to add it to the grype-db schema change that is planned in the future? it can be a cool enrichment

Using the information from cisa in grype

can be relevant for here? https://github.com/anchore/grype-db/issues/108

add createdAt or updatedAt for vulnerabilities scheme

hi, from your experience, what is the approximate estimation time for the schema version 6 wish list?