Will Murphy
I think we want to agree on what Syft currently does before we decide to change it. For that reason, I made 3 SBOMs with the possible settings, like this:...
Hi @tomersein! Thanks for your patience on this issue. We did some digging, and there are a few places file objects are created besides the file metadata cataloger: 1. `evident-by`...
I think the next step here is to get https://github.com/anchore/syft/pull/3505 merged. I'm removing `needs-discussion` because we've already discussed enough to get a specific PR.
I'm removing `needs-discussion` because this is partially implemented at https://github.com/anchore/syft/pull/3360 and that PR has some specific feedback that needs to be addressed before it can be merged. I think the...
The action here is to update https://github.com/anchore/grype-db?tab=readme-ov-file#recommended to mention that `grype-db` doesn't do much without Vunnel, and explain that vunnel is run either in docker (which requires docker) directly as...
I've added the `needs-discussion` label so that we will discuss this in an upcoming livestream, hopefully [today's](https://anchorecommunity.discourse.group/t/may-22nd-open-source-gardening-live-stream/436?u=willmurphy). I think we should discuss because changing PURLs for distro packages is a...
I think the real discussion to have here is: What should we change about Syft to make it better at scanning whole computers, as opposed to the directory scan (which...
I'm trying to capture a core, actionable request here so that maybe we can work on it (since I distracted us above :) ). I think the ask is: 1....
Hi @jurassicLizard, thanks for the issue! Currently, Grype's database does not include type `o` or type `h` CPEs, only type `a` CPEs. There's a more detailed discussion at https://github.com/anchore/grype/issues/872.
Adding `needs-discussion` so that we can discuss: Now that we have better compression and a more compressible schema, is it time to just include `:h:` and `:o:` CPEs in the...