Will Murphy

Results 358 comments of Will Murphy

Thanks @apr-1985 for the detailed follow-up! I think you're right that something is off with stereoscope's handling of the DOCKER_HOST environment variable, looking at https://github.com/anchore/stereoscope/blob/cd49355d934e9e09339e0b690398afe7bd9f63f1/internal/docker/client.go#L19-L51 It looks like we special...

It looks like the client itself doesn't automatically respect the `DOCKER_HOST` env var: https://github.com/moby/moby/blob/b6ad25bf5e718142a03ae1027933e8b976dfc923/client/client.go#L133-L155

Here is some testing I did after disabling the default docker socket on my laptops (the one at `/var/run/docker.sock`):

```sh
$ syft docker:busybox:latest
2023/07/10 11:54:40 error during command execution:...
```

@apr-1985 one thing you might try doing is explicitly specifying that `syft` should be using `docker`:

```yaml
- name: Generate SBOM
  id: sbom
  uses: anchore/sbom-action@v0
  with:
    image: docker:"${{ inputs.registry...
```

Thanks for testing again and for the logs @apr-1985. I'll keep looking into this.

So I've confirmed in a Linux VM (fedora running under lima in case that matters for some reason in the future) that syft is respecting `DOCKER_HOST` even when it's a...

Thanks for the comment @jdagostino9188 and @apr-1985! I wonder, can this issue be reproduced just by running syft in docker-in-docker without involving GitHub actions? That would make it much easier...

From Josh: For fixing the severity of CVE-2023-44487 in debian namespaces, we could solve the immediate problem by updating it to "high".

Maybe we can use a general CSAF parser also for SUSE, for example instead of https://github.com/anchore/vunnel/pull/635.

@westonsteimel how would overriding the severity at a per-package level here help if grype db schema v5 can only have one severity per `(VulnID, Namespace)` tuple? Or is the ask...