-
Description: I'm attempting to generate an SBOM for a Singularity file using Syft, but I encounter a runtime error.
Below is my setup and the command I used. I apologize, but due to the proprietary n…
-
See https://github.com/anchore/nvd-data-overrides
-
This blog post from Anchore states to stop matching with CPEs: https://anchore.com/blog/say-goodbye-to-false-positives/
However the [default configuration settings](https://github.com/anchore/grype…
-
**What would you like to be added**:
A formal schema for the Grype output format.
**Why is this needed**:
The MITRE Security Automation Framework (https://saf.mitre.org) has made an integrati…
-
Consider the following action:
```
grype:
  needs: build
  runs-on: ubuntu-latest
  steps:
    -
      name: Scan image
      uses: anchore/scan-action@v4.1.2
      id: gryp…
```
-
**What would you like to be added**:
Currently, Syft builds the SBOM report in memory before writing it to disk. I propose that instead of building in memory, we stream directly to disk.
**Why is…
-
**What would you like to be added**:
We have multiple issues that want to be able to search within a small space, but reference things outside of that space:
- https://github.com/anchore/syft/issues…
-
I am assuming that an SBOM that denotes packages with package relationships should result in matching entries into purl tables ... the following analysis graph warnings show that
```
https://anch…
```
-
Our org is using the Jammy base builder and base runner with the latest version in my CI tool to perform builds and got the below Critical/High security vulnerabilities identified by the scanning tool…
-
The upstream [issues](https://github.com/anchore/grype/issues/558) got closed. It is referenced in:
- [ ] [.grype.yaml#L2](https://github.com/ory/oathkeeper-maester/blob/b2b00cd9968529ff72879485a4df22…