Will Murphy
To answer your question directly @RLI-Rdeaton I'm happy to fix this fairly promptly if I can reproduce it and understand it 😄
@RLI-Rdeaton I agree that this is confusing behavior. `severity-cutoff: medium` really maps to grype's `--fail-on medium` flag, so we're telling grype "fail on medium and also don't fail," which is...
Developer notes: this issue now tracks two changes to `scan-action`: 1. If `severity-cutoff` and `fail-build: false` are both passed, clearly state in logs that the min severity failed, but that...
@dependabot rebase
Hi all, I did a little digging here to try to understand what's happening. To understand, I'm comparing two images: * `mcr.microsoft.com/openjdk/jdk:11-mariner` * `localhost/grype2181`, built from the following Dockerfile: ```...
Hi @kaiorafael, thanks for the report. I think the reason you are seeing no output is that you are telling Syft to use a cataloger that's not best suited to...
Hi @sekveaja - thanks for the detailed report! This and several other SLES false positives will be fixed by https://github.com/anchore/vunnel/issues/626
Hi @SDDunt, Thanks for the issue and the detailed steps to reproduce. The docs specifically say that they support image archives as a result of skopeo copy: ``` # scan...
Marking as ready and adding some notes. There are 2 changes we want to make: 1. Make a nice docs area that lists all the formats grype accepts and how...
Hi @henrysachs it sounds like you'd only want to merge ignored vulnerabilities, is that correct? Or are there other parts of the config you'd expect to merge?