Will Murphy

> This means we are matching on something else. If we look at the data in GrypeDB, this CPE is listed `cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*` which probably shouldn't be in there (I don't...

Thanks @westonsteimel! I think we may also need a special version comparator for OpenJDK versions (or enhance the fuzzy comparator in some way). If add add a test like this:...

Hi @josephlim75 - I think your comment will be easier to track if it's in its own issue. I've opened #1531 as a feature request to request specifying multiple templates....

Syft is finding two different go executables that it considers copies of `code.gitea.io/gitea`, and assigning different versions to them. - `/app/gitea/gitea` is found and reported as version `v1.16.7` - `/usr/local/bin/environment-to-ini`...

Hi @ramanNarasimhan77, Since this was reported, there's been some effort to better identify Go main module versions. I believe the original issue is fixed: ``` sh $ grype -q gitea/gitea:1.16.7...

What are the advantages of combining them? When the question of combining them comes up, why does it come up?

Thanks for the suggestion @tomerse-sg! I've added this to the "schema version 6 wish list" over at anchore/grype-db#108. Bumping the schema of the database grype uses is a bit of...

Hi @tomerse-sg, Sorry, but we don't have a time estimate right now for the v6 schema wish list, or even know exactly what the final implementation will look like. If...

Here's another idea, not sure if it's a good one: What if we run the templates in the context of the JSON output? In other words, when we execute a...

Wanted to add that https://github.com/anchore/grype/pull/1463 will make it so that `grype db check` will exit zero if the DB is known to be current, 100 if the DB is known...