Will Murphy

Hi @tomersein great question! This work is indeed unblocked. The next thing that needs to be done is to actually fetch this data from our various data sources in vunnel....

It sounds like you have SPDX JSON SBOMs with some user-defined licenses in them, and you'd like `grant list` and `grant check` to work with these, so that `grant list`...

No word from maintainers of the data yet, but https://alas.aws.amazon.com/alas2023.html shows that `ALAS-2024-783` and `ALAS-2024-781` are back. Today's grype db now has those: ``` sh $ grype -q amazonlinux:2023.6.20241121.0 |...

I just wanted to post a quick update here. We've emailed the maintainers of the ALAS website, and they've assured us that the issue is resolved, but only 2 of...

I think this will be fixed by https://github.com/anchore/vunnel/issues/776

Hi @pckvcode thanks for the request! This is an enhancement we'd be happy to see. In the meantime [`os.TempDir`](https://pkg.go.dev/os#TempDir) respects the usual environment variables for choosing the temp directory, e.g....

This is probably caused by https://github.com/anchore/syft/issues/2981 - please follow that issue.

Thanks very much @mattlorimor! It sounds like there might be a better data feed to use then the one we currently use, which is at: https://github.com/anchore/vunnel/blob/c79b83a56fbe7df334cea6021a552d95410b4eca/src/vunnel/providers/amazon/parser.py#L18-L23 I'll pick this up...

I have some questions about the changes here: 1. What about package catalogers that find files themselves? For example, the APK cataloger finds files that are owned by different APK...

> I actually want a way to disable this cataloger. You mean the file metadata cataloger?