Will Murphy
Will Murphy
I think this is because Syft isn't decoding the Group field from CycloneDX JSON: https://github.com/anchore/syft/issues/1202 If Grype is pointed at an SBOM, even in CycloneDX format, where the component's name...
Blocked on anchore/vunnel#635
I think maybe this issue has the wrong Dockerfile snippet? ``` dockerfile FROM registry.suse.com/suse/sle15:15.5 RUN zypper in -y --no-recommends python3-rsa=3.4.2-150000.3.7.1 ENTRYPOINT [""] CMD ["bash"] ``` installs `python-rsa`, but this is...
This might be fixed in https://github.com/anchore/grype/releases/tag/v0.80.2 by https://github.com/anchore/syft/pull/3257. I don't have an example system handy with this kernel module. Is someone able to re-test and let us know whether this...
This would not be relevant if we do https://github.com/anchore/grype/issues/2129. However there has been some feedback on that decision, so I've added `needs-discussion` over on that issue.
I'm closing this issue in favor of https://github.com/anchore/grype/issues/2129
Another note @tomasr if you want to have fine control over what Syft is doing during a Grype run, you can do: ``` sh syft -c my-syft-config.yaml | grype ```...
Hi @tomasr! I think it makes more sense to open particular issues for dotnet package cataloging or matching errors. To summarize: 1. The reason that writing an SPDX SBOM to...
Thanks all! We are taking a look at some CDN troubleshooting now.
I have a couple questions about the lockfile after reading the docs on it. Is the `uv.lock` file specified anywhere? I looked at https://docs.astral.sh/uv/concepts/projects/#project-lockfile and expected to find a schema...