-
### Current Behavior
A vulnerability which exists in multiple databases is not linked, so it is reported as 2 issues (therefore doubling the risk score)
### Steps to Reproduce
1. Import BOM with vulnerability p…
-
Mark vulnerable package versions
The plan:
- [x] Implement harvesting CPE data from upstream repositories
- :x: GUIX contains `cpe_name` (is useless without vendor)
- :x: FreeBSD ports defin…
-
## Description
A community user has reported that version 4.8.1 of the vulnerability detector incorrectly reports some vulnerabilities. This issue aims to investigate these reports, verify the accu…
-
### Current Behavior
I collected the SBOM of all RPM packages in the CentOS system through the syft (https://github.com/anchore/syft) tool; the format of the SBOM file is cyclonedx-json, then I upload…
-
## Description
A community user has reported that version 4.8.0 of the vulnerability detector incorrectly reports some vulnerabilities. This issue aims to investigate these reports, verify the accu…
-
## Description
A community user has reported that version 4.8.0 of the vulnerability detector incorrectly reports some vulnerabilities. This issue aims to investigate these reports, verify the accu…
-
## Description
A community user has reported that version 4.8.0 of the vulnerability detector incorrectly reports some vulnerabilities. This issue aims to investigate these reports, verify the accu…
-
**What would you like to be added**:
I would like to use a private Nexus server to host the database, but it is not very easy to set it up today. I would like to just set up a proxy repo in Nexus, b…
-
**What would you like to be added**:
Hi,
Thank you for developing the grype tool, it's really great.
I wanted to ask about some feature to support convenient downloads through Artifactory prox…
-
I want to maintain an image with up-to-date vulnerability databases up to 4 hours. I was trying to reduce the pulls to the NVD by recursively building the image and running a database update every 4 ho…