Will Murphy

We want to make sure that whatever solution we use is not vulnerable to crashing because a field is added, so maybe skipping straight to data classes is the wrong...

I think what we plan to do here is demote the `output` of `grype db list` to be under db, so you'd have like: ``` yaml db: list-output: json ......

Hi @yaabdala thanks for the request. Would you mind providing a link to a github action file that has dependencies that are missed, and say what dependencies we should have...

Here are some specific repro steps (happening today with istio latest) Make a package like this: ``` sh go mod init example.com/grype972 go get istio.io/istio ``` Make a main.go like...

This needs investigation - we want to compare the different approaches mentioned by @wagoodman at https://github.com/anchore/grype/issues/972#issuecomment-2248418543. We can discuss once there are some concrete examples to decide among.

Hi @pkeecom thanks for the issue! I'll do some digging and get back to you. The fixed version showing in grype output is from https://access.redhat.com/errata/RHSA-2025:1262, which is listed as the...

Hi @pkeecom can you give us one bit of additional information about the image you are scanning? What are the contents of `/etc/os-release` and `/etc/redhat-release`?

Hi @pkeecom, I'm planning to pick this up next. I like the idea of providing a config option that lets users specify that they're scanning a `-eus` image. We'll also...

Hi @pkeecom those are still a work in progress. I don't have an exact timeline to commit to, but we are still working on this issue.

We might also want to support EUVD IDs as well, and maybe a flag for `--by-euvd-id` or something.