Will Murphy

Hi @juan131, sorry that this has sat for a while. I'll see about getting some of this static analysis and unit tests passing today and see if some of us...

@wagoodman / @westonsteimel do we need to do anything here for the grype schema v6 work? Should we take advantage of the grype schema change to implement anything here?

Hi @carrodher and @juan131! Thanks for the PR! > is there anything we can help with at this time? Do you have an image or Dockerfile that you'd expect to...

After going some more looking, it seems like this is blocked on getting anchore/grype-db#217 merged, and adding a transformer for the new OSV schema. (Without that work, we can't make...

So I was wrong about anchore/grype-db#217 being the first step. I think the first step is really anchore/syft#3065. In other words, the tools need detect the Bitnami packages and encode...

@juan131 the reason for the Syft change is that, by default, the SBOM cataloger is off (that is, Syft doesn't incorporate SBOMs it finds in images into the SBOM it...

It looks like a fix for this was merged a few months ago, so I'm closing it out with `changelog-ignore` (since it fixed before the current release it doesn't belong...

Hi @wenoukiz, We discussed this recently at our [community meeting today](https://anchorecommunity.discourse.group/t/august-29th-open-source-gardening-live-stream/106), and we've decided that we're not going to add hardware or OS CPEs into Grype's database at this time,...

Hi @carrodher! I wanted to give an overview of what still needs to happen to get grype supporting the bitnami vulnerability provider. The list is at least mostly in the...

@carrodher and @juan131 I am pretty determined to see these changes land and will start picking up this work. I'd also be happy to sync up with you all if...