Will Murphy
For example: https://github.com/anchore/vunnel/blob/c615dcae89ec4b84d7a51a62d77c69a6a496af9e/src/vunnel/utils/vulnerability.py#L16-L27 gets `copy.deepcopy`-ed around a lot, as a template for a dict literal. The code would be cleaner and have more useful type hinting if this were replaced...
Previously, the parser was using a deep copy of a dict literal to make each new instance of the vulnerability it was emitting. Vunnel has since added a dataclass to...
This issue tracks the work to turn down the infra related to Grype DB Schema v1 and Grype DB Schema v2. (Note to concerned visitors: anyone using grype after v0.13.0,...
**What happened**: Running `grype config` makes a sample config file. This config file (on macOS) includes

```yaml
db:
  cache-dir: '~/Library/Caches/grype/db'
```

This makes sense. There's no need to put...
**What happened**: If `output: [json]` (or any other list, including an empty list) is present in the config file, `grype db list` fails with an error. **What you expected to...
**What would you like to be added**: As part of anchore/grype#1609, Syft should pick up on sboms in containers located at `/opt/bitnami` because this is how Bitnami records what's in...
**What would you like to be added**: Right now, Vunnel spends a long time running for providers that download many small files, because it downloads these files one at a...
**What would you like to be added**: Grype should download a smaller file during its database update, probably by using .zstd compression on the current database schema. **Why is this...
Many of these docs are over at Vunnel, but Grype is sort of the central repo for how these vulnerabilities are reported, so an outline at least belongs in Grype.
**What would you like to be added**: A Python cataloger that can understand `uv.lock` files, see https://docs.astral.sh/uv/concepts/projects/#project-lockfile for general docs. **Additional context**: According to [this comment](https://github.com/astral-sh/uv/issues/5605#issuecomment-2371085961) our best source for...