Will Murphy
Will Murphy
**What would you like to be added**: Right now, at least 2 vunnel providers (RHEL and Mariner), simply drop vulnerabilities that the feed considers "not applicable". Instead, we should keep...
Map vulnerabilities coming from Vunnel mariner provider that are tagged with mariner 3.0 to be Azure Linux 3. See anchore/grype#1829 Depends on changes in anchore/grype#1848 - changes in this branch...
**What would you like to be added**: When `grype` decides to update the vulnerability database before a run, `grype` should be able to download a diff of what changed, rather...
Previously, this provider could only include upper bounds on ranges. Note that this will also require a grype-db PR to start putting the new field in the database.
Otherwise the quality gate will keep failing. Addresses one of the problems mentioned in https://github.com/anchore/vunnel/issues/583. The namespace is coming up now. Manual testing done on `main`: 1. `make dev provider=alpine`...
**What happened**: The nightly quality gate job has been failing for a few days now with a few different causes. **What you expected to happen**: The quality gate to pass....
Support windows by: 1. Changing goreleaser config to make windows release artifacts 2. Changing PR and pre-release validations to run new CLI tests on windows runner Closes #17
**What happened**: In Syft, it's possible to specify `--source-name` and `--source-version` to add user-provided name and version of the artifact/directory being scanned to the SBOM. However, Grype doesn't accept these...
Can be used for local development. Might be worth integrating into npm commands. Remembering to start the local registry before running tests locally is cumbersome. Here's a shell script, copied...
When working on providers, it's common to add test cases that are made essentially by subsetting flat files that carry vulnerability data. For example, trying to test #650, it would...