Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / anchore/syft issues and pull requests

#3623 - Incorrect purl for [email protected] results in missed CVE

Issue - State: open - Opened by willem-delbare 3 days ago
Labels: bug

#3622 - chore(deps): bump github/codeql-action from 3.28.4 to 3.28.5

Pull Request - State: closed - Opened by dependabot[bot] 3 days ago
Labels: dependencies

#3621 - chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.8.0 to 4.8.1

Pull Request - State: closed - Opened by dependabot[bot] 3 days ago
Labels: dependencies

#3620 - chore(deps): update CPE dictionary index

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] 3 days ago
Labels: dependencies

#3619 - chore(deps): bump anchore/sbom-action from 0.17.9 to 0.18.0

Pull Request - State: closed - Opened by dependabot[bot] 6 days ago
Labels: dependencies

#3618 - chore(deps): bump github/codeql-action from 3.28.3 to 3.28.4

Pull Request - State: closed - Opened by dependabot[bot] 6 days ago
Labels: dependencies

#3616 - Syft cannot scan the component information of C # language

Issue - State: open - Opened by sunpan1101 6 days ago
Labels: bug

#3615 - Fix namespace value for OpenSUSE distros

Pull Request - State: open - Opened by mprpic 7 days ago

#3614 - go-module-file-cataloger fails if symlinks in path

Issue - State: open - Opened by Silvanoc 7 days ago
Labels: bug

#3613 - chore(deps): bump actions/cache from 3.3.2 to 4.2.0 in /.github/actions/bootstrap

Pull Request - State: closed - Opened by dependabot[bot] 7 days ago
Labels: dependencies

#3612 - chore(deps): bump actions/setup-go from 5.0.1 to 5.3.0 in /.github/actions/bootstrap

Pull Request - State: closed - Opened by dependabot[bot] 7 days ago
Labels: dependencies

#3609 - chore(deps): bump github.com/go-git/go-git/v5 from 5.13.1 to 5.13.2

Pull Request - State: closed - Opened by dependabot[bot] 7 days ago
Labels: dependencies

#3608 - chore(deps): bump github/codeql-action from 3.28.2 to 3.28.3

Pull Request - State: closed - Opened by dependabot[bot] 7 days ago
Labels: dependencies

#3607 - chore(deps): update tools to latest versions

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] 7 days ago
Labels: dependencies

#3605 - chore(deps): bump github.com/hashicorp/hcl/v2 from 2.22.0 to 2.23.0

Pull Request - State: closed - Opened by dependabot[bot] 8 days ago
Labels: dependencies

#3604 - chore(deps): bump github/codeql-action from 3.28.1 to 3.28.2

Pull Request - State: closed - Opened by dependabot[bot] 8 days ago
Labels: dependencies

#3603 - Add Docker to Syft OCI Images

Issue - State: open - Opened by henrysachs 8 days ago
Labels: enhancement

#3602 - chore(deps): update tools to latest versions

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] 8 days ago
Labels: dependencies

#3601 - chore: bump stereoscope to v0.0.13

Pull Request - State: closed - Opened by spiffcs 9 days ago

#3600 - chore(deps): bump actions/setup-go from 5.2.0 to 5.3.0

Pull Request - State: closed - Opened by dependabot[bot] 9 days ago
Labels: dependencies

#3599 - chore(deps): update CPE dictionary index

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] 10 days ago
Labels: dependencies

#3597 - chore(deps): update tools to latest versions

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] 11 days ago
Labels: dependencies

#3596 - chore: bump packageurl-go with new parsing rules

Pull Request - State: closed - Opened by spiffcs 13 days ago

#3595 - chore(deps): bump marocchino/sticky-pull-request-comment from 2.9.0 to 2.9.1

Pull Request - State: closed - Opened by dependabot[bot] 13 days ago
Labels: dependencies

#3594 - Merging package does not consider UNKNOWN version stubs

Issue - State: open - Opened by wagoodman 13 days ago
Labels: bug

#3593 - chore(deps): bump modernc.org/sqlite from 1.34.4 to 1.34.5

Pull Request - State: closed - Opened by dependabot[bot] 14 days ago
Labels: dependencies

#3592 - chore(deps): bump github.com/google/go-containerregistry from 0.20.2 to 0.20.3

Pull Request - State: closed - Opened by dependabot[bot] 14 days ago
Labels: dependencies

#3591 - Ensure go standard library version in component and PURL are consistent

Issue - State: open - Opened by g-suraj 15 days ago - 2 comments
Labels: bug

#3590 - Allow correction / overwrite of license information

Issue - State: open - Opened by markussiebert 15 days ago - 2 comments
Labels: enhancement

#3589 - Optimization of Dependency Retrieval for Red Hat-Based Systems

Issue - State: open - Opened by PatrickStarBaby 15 days ago - 2 comments
Labels: enhancement

#3588 - syft shows (devel) version for git-lfs while git-lfs version command shows 3.6.0

Issue - State: open - Opened by Bruceliu-rs 15 days ago - 3 comments
Labels: bug

#3586 - chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.7.1 to 4.8.0

Pull Request - State: closed - Opened by dependabot[bot] 16 days ago
Labels: dependencies

#3585 - chore(deps): bump github.com/go-git/go-billy/v5 from 5.6.1 to 5.6.2

Pull Request - State: closed - Opened by dependabot[bot] 17 days ago
Labels: dependencies

#3584 - chore(deps): bump github/codeql-action from 3.28.0 to 3.28.1

Pull Request - State: closed - Opened by dependabot[bot] 17 days ago
Labels: dependencies

#3583 - chore(deps): update CPE dictionary index

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] 17 days ago
Labels: dependencies

#3582 - chore(deps): update tools to latest versions

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] 18 days ago
Labels: dependencies

#3581 - chore(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0

Pull Request - State: closed - Opened by dependabot[bot] 20 days ago
Labels: dependencies

#3580 - chore(deps): bump github.com/spf13/afero from 1.11.0 to 1.12.0

Pull Request - State: closed - Opened by dependabot[bot] 20 days ago
Labels: dependencies

#3579 - chore(deps): bump github.com/sanity-io/litter from 1.5.5 to 1.5.6

Pull Request - State: open - Opened by dependabot[bot] 20 days ago
Labels: dependencies

#3579 - chore(deps): bump github.com/sanity-io/litter from 1.5.5 to 1.5.6

Pull Request - State: closed - Opened by dependabot[bot] 20 days ago
Labels: dependencies

#3578 - Update README.md's link to Nixpkgs

Pull Request - State: open - Opened by axman6 20 days ago

#3578 - Update README.md's link to Nixpkgs

Pull Request - State: closed - Opened by axman6 20 days ago - 1 comment
Labels: changelog-ignore

#3577 - Syft generates invalid PURLs when name contains `:`

Issue - State: closed - Opened by jkugler 20 days ago - 9 comments
Labels: bug

#3576 - Multiple Maven Repositories

Issue - State: open - Opened by henrysachs 21 days ago - 2 comments
Labels: enhancement, needs-investigation

#3576 - Multiple Maven Repositories

Issue - State: open - Opened by henrysachs 21 days ago
Labels: enhancement

#3575 - syft convert cycloneDx Metadata is lost after reconvert

Issue - State: open - Opened by henrysachs 21 days ago
Labels: bug

#3575 - syft convert cycloneDx Metadata is lost after reconvert

Issue - State: open - Opened by henrysachs 21 days ago
Labels: bug, needs-investigation

#3574 - Syft convert from cdx.json -> syft.json -> cdx.json fails

Issue - State: open - Opened by henrysachs 21 days ago
Labels: bug, needs-investigation

#3574 - Syft convert from cdx.json -> syft.json -> cdx.json fails

Issue - State: open - Opened by henrysachs 21 days ago
Labels: bug

#3573 - Some questions regarding the Syft code

Issue - State: closed - Opened by PatrickStarBaby 21 days ago - 3 comments

#3573 - Some questions regarding the Syft code

Issue - State: open - Opened by PatrickStarBaby 21 days ago

#3572 - fix: fetch Dart package versions from sdk entries

Pull Request - State: open - Opened by sgreg 21 days ago

#3572 - fix: fetch Dart package versions from sdk entries

Pull Request - State: open - Opened by sgreg 21 days ago

#3571 - chore(deps): update anchore dependencies

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] 22 days ago
Labels: dependencies, pre-release

#3571 - chore(deps): update anchore dependencies

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] 22 days ago
Labels: dependencies, pre-release

#3570 - .NET deps.json should be considered as installation evidence

Issue - State: open - Opened by wagoodman 22 days ago
Labels: bug, ecosystem:dotnet

#3569 - Windows sbom have strange % in purl/sbom-ref

Issue - State: open - Opened by freeeflyer 23 days ago - 3 comments
Labels: bug

#3569 - Windows sbom have strange % in purl/sbom-ref

Issue - State: open - Opened by freeeflyer 23 days ago - 3 comments
Labels: bug

#3568 - chore(deps): bump golang.org/x/net from 0.33.0 to 0.34.0

Pull Request - State: closed - Opened by dependabot[bot] 23 days ago
Labels: dependencies

#3568 - chore(deps): bump golang.org/x/net from 0.33.0 to 0.34.0

Pull Request - State: closed - Opened by dependabot[bot] 23 days ago
Labels: dependencies

#3567 - chore(deps): update tools to latest versions

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] 23 days ago
Labels: dependencies

#3567 - chore(deps): update tools to latest versions

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] 23 days ago
Labels: dependencies

#3566 - detect jQuery file

Issue - State: open - Opened by witchcraze 24 days ago
Labels: enhancement

#3565 - chore(deps): update CPE dictionary index

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] 24 days ago
Labels: dependencies

#3564 - chore(deps): update tools to latest versions

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] 26 days ago
Labels: dependencies

#3563 - More performant dotnet PE parser

Pull Request - State: open - Opened by wagoodman 27 days ago

#3562 - generate attestations for muli-arch signed SBOMs

Issue - State: open - Opened by ruzickap 27 days ago
Labels: enhancement

#3561 - chore(deps): bump github.com/go-git/go-git/v5 from 5.13.0 to 5.13.1

Pull Request - State: closed - Opened by dependabot[bot] 27 days ago
Labels: dependencies

#3560 - chore(deps): update tools to latest versions

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] 27 days ago
Labels: dependencies

#3559 - test: removes latest license list assertion

Pull Request - State: closed - Opened by spiffcs 28 days ago
Labels: changelog-ignore

#3558 - Use reader when scanning for package versions over reading entire binary into memory

Pull Request - State: closed - Opened by wagoodman 28 days ago - 1 comment
Labels: performance

#3557 - chore: update license list with new version

Pull Request - State: closed - Opened by spiffcs 28 days ago

#3556 - chore(deps): update tools to latest versions

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] 28 days ago
Labels: dependencies

#3555 - chore(deps): bump github.com/invopop/jsonschema from 0.7.0 to 0.13.0

Pull Request - State: closed - Opened by dependabot[bot] 29 days ago - 2 comments
Labels: dependencies

#3554 - Add crates.io enichment option for rust audit binary, json schema and spdx license updates.

Pull Request - State: open - Opened by jimmystewpot 29 days ago - 1 comment
Labels: ecosystem:rust, json-schema

#3553 - stdlib version contains distribution

Issue - State: open - Opened by TimBrown1611 about 1 month ago - 3 comments
Labels: bug

#3552 - chore(deps): bump github.com/go-git/go-git/v5 from 5.12.0 to 5.13.0

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago
Labels: dependencies

#3551 - chore(deps): bump github.com/go-git/go-billy/v5 from 5.6.0 to 5.6.1

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago - 2 comments
Labels: dependencies

#3550 - chore(deps): update CPE dictionary index

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] about 1 month ago
Labels: dependencies

#3549 - fix: golang remote license search when error reading local mod dir

Pull Request - State: closed - Opened by kzantow about 1 month ago - 1 comment

#3548 - chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.7 to 0.5.8

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago
Labels: dependencies

#3547 - chore(deps): bump peter-evans/create-pull-request from 7.0.5 to 7.0.6

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago
Labels: dependencies

#3546 - chore(deps): bump github/codeql-action from 3.27.9 to 3.28.0

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago
Labels: dependencies

#3546 - chore(deps): bump github/codeql-action from 3.27.9 to 3.28.0

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago
Labels: dependencies

#3545 - chore(deps): bump modernc.org/sqlite from 1.34.3 to 1.34.4

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago
Labels: dependencies

#3545 - chore(deps): bump modernc.org/sqlite from 1.34.3 to 1.34.4

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago
Labels: dependencies

#3544 - chore(deps): update CPE dictionary index

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] about 1 month ago
Labels: dependencies

#3543 - chore(deps): update tools to latest versions

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] about 1 month ago
Labels: dependencies

#3542 - chore(deps): bump modernc.org/sqlite from 1.34.2 to 1.34.3

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago
Labels: dependencies

#3541 - chore(deps): bump golang.org/x/net from 0.32.0 to 0.33.0

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago
Labels: dependencies

#3540 - chore(deps): update tools to latest versions

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] about 1 month ago
Labels: dependencies

#3538 - chore(deps): bump github.com/docker/docker from 27.4.0+incompatible to 27.4.1+incompatible

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago
Labels: dependencies

#3537 - chore(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago
Labels: dependencies