Will Murphy

We see that this branch has the expected failures: https://github.com/anchore/syft/actions/runs/8930279182/job/24530010619?pr=2837#step:4:50 ``` log task: [lint] .tool/golangci-lint run --tests=false Error: syft/linux/identify_release.go:67:4: ruleguard: internal.CloseAndLogError should be deferred right after the error returned from...

Hi @remiville, Thanks for the report! The reason Grype is matching is that for OS packages (in this case APK packages) that have a source/upstream package, vulnerabilities against the source/upstream...

Thanks for the response @remiville! Would you mind posting a Dockerfile that doesn't have the false positive? Was it on a different version of Alpine? I think what's going on...

This would make adding tests to https://github.com/anchore/syft/pull/2654 a lot easier.

https://gist.github.com/f3l3gy/0e89dde158dde024959e36e915abf6bd might be how we'd do an install script.

Adding CLI tests as a step towards this: https://github.com/anchore/binny/pull/21

Current issue facing this is that running `go install` to a temp directory and then trying to rename the resulting `.exe` to the `.tool` directory fails with permission denied errors...

I just wanted to say this is still on our backlog, and we'd welcome contributions for it, but we haven't been able to prioritize it yet.

Hi @apr-1985, thanks for reporting this issue! Can you help me understand one thing: Is this a setup that previously worked, and stopped working, or is this a new setup?

I think `stereoscope` is failing to talk to the Docker socket, and so falling back to podman (in case the user is running podman and not docker. On my system,...