Will Murphy

Grype's database currently doesn't include `o` or `h` CPEs, only, `a` CPEs (that is, CPEs for applications but not operating systems or hardware). There's a more detailed discussion at https://github.com/anchore/grype/issues/872.

This is fixed. Running `grype` against the SBOM you provided now shows many CVEs against the kernel. Thanks for the issue! ``` sh $ grype 'cpe:2.3:o:linux:linux_kernel:5.4.236:*:*:*:*:*:*:*' ``` will also search...

We might be able to get away with just running one test at a time as a cheap way to fix this: With `maxConcurrency = 1`, we see `npm run...

I think maybe we want to use this `jest` option to keep the tests from racing to install grype: https://jestjs.io/docs/cli#--runinband @popey I believe the race condition occurs installing grype itself,...

Here's an example from sbom-action: https://github.com/anchore/sbom-action/actions/runs/9863167357/job/27235328478#step:6:246

https://github.com/anchore/scan-action/actions/runs/9864003440/job/27238006566#step:8:131 is another example of the `spawn: ETXTBSY` flake.

Another one in sbom-action: https://github.com/anchore/sbom-action/actions/runs/9872881542/job/27263932911?pr=475#step:6:239

Both scan-action and sbom-action have their tests running in series now. We can re-open this if the issue returns.

Hi @RLI-Rdeaton I just had a quick look here and I am not able to reproduce, so I feel like I must be missing something. Would you mind taking a...

I realized in your sample you were on an older version than I am, so I rolled back to check that: * https://github.com/willmurphyscode/action-troubleshooting/actions/runs/11371375995/job/31633301500#step:2:4 has fail-build true and failed the build...