Trevor Vaughan

Results: 99 comments by Trevor Vaughan

@briansmith So, I like Rust (a lot) and I have a lot of folks that need FIPS compliance. As mentioned, RHEL implemented `go-toolchain` to allow golang apps to automatically hook...

@JafarAkhondali This appears to highlight the issue. Running `npm install` results in a run with no findings. However, running `yarn install` results in findings as expected. `package.json` ```json { "name":...

Ah, that certainly could be the issue. I was just surprised that the following were true:

* `npm audit` => warnings generated ✅
* `yarn audit` => warnings generated ✅...

@bmaupin It does seem to be working as documented but I think that a few of these bugs might be avoided by making that table a bit more prominent (like...

@ShubhamPalriwala My personal expectation is that this table wouldn't be different for the different commands https://aquasecurity.github.io/trivy/v0.30.4/docs/vulnerability/detection/language/. Instead, users would be able to specify `--ignore-dev-dependencies` and literally everything would be scanned...

I say that progress is progress and community contributions are the best :-D

@shawndwells I kind of assumed that it was already there actually! But, yes, definitely. Also, it would be nice if securetty could ignore the kernel options through some sort of...

@mathieu-aubin I didn't change any settings except for those directly related to the RPM building.

Also, I left in the support for Prefix but made it only exist if explicitly specified: https://github.com/jordansissel/fpm/pull/1657/files#diff-f32def54a1d6be460052b3c74f7aca7cR54

@mathieu-aubin Can you post exactly how you're building the RPM? It's possible that we're just using two different methods and I was simply missing something during testing. I'll go ahead...