Alex Goodman
#2396 adds the capability to detect binaries where the `.note.package` on the binary is purely a JSON payload. This is a little different than what you'll find with a...
It seems that grype is not behaving as syft does when passing individual files that are not sboms: ``` ❯ syft -o json conan.lock > /tmp/sbom ✔ Indexed file system...
It may be desirable to have runes that are wider than a byte (such as ▶ for the `uiprogress.Head`). Additionally it would be nice to support not only runes, but...
Today we show package count on the UI to help the user get a sense of the progress during cataloging: ``` $ syft cgr.dev/chainguard/redis -o json=/tmp/redis.json ✔ Loaded image cgr.dev/chainguard/redis:latest...
This PR brings grype in line with the upgrades done [in other repos](https://github.com/anchore/syft/pull/2188) by: - Upgrades the Makefile to a [Taskfile](https://taskfile.dev/). A much smaller Makefile has been left behind for...
This PR addresses behavior of `archiver.Tar.Unarchive()` described in CVE-2024-0406, specifically in two cases: **Case 1** When a tar contains two header entries for the same file: 1. the first entry,...
Currently when attempting to bring services up with libcompose, on the second attempt the `Up` command fails with `Volume "node_modules" needs to be recreated - driver has changed`. The...
Currently the libcompose project object can notify when particular events occur via the `AddListener` function. This is great when you are trying to get events from libcompose actions, however, this...
I haven't investigated why yet, however if you have a `network:` declaration in the docker-compose file and you run libcompose up, the network takes 10+ seconds to be created the...
I'm considering using this lib in another project of mine, however, I may not want to commit to using this lib if the project is dead. There have been ~7...