Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / anchore/syft issues and pull requests

#2055 - feat: add bash classifier

Pull Request - State: closed - Opened by witchcraze over 1 year ago

#2054 - Fix: don't validate pom declared group

Pull Request - State: closed - Opened by willmurphyscode over 1 year ago - 1 comment
Labels: bug

#2053 - chore(deps): bump github.com/charmbracelet/lipgloss from 0.7.1 to 0.8.0

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, go

#2052 - Improve `setup.py` analyzer

Issue - State: open - Opened by thomas-bc over 1 year ago - 2 comments
Labels: enhancement

#2050 - Support Conan lockfiles v0.5

Issue - State: open - Opened by kzantow over 1 year ago
Labels: enhancement

#2049 - chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, go

#2048 - chore(deps): update bootstrap tools to latest versions

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] over 1 year ago - 1 comment
Labels: dependencies

#2047 - Enable reading non-utf-8 encodings for java pom.xml files

Pull Request - State: closed - Opened by wagoodman over 1 year ago - 1 comment

#2046 - Remove incorrect power-user help text that only image sources are supported

Issue - State: closed - Opened by tomerse-sg over 1 year ago - 1 comment
Labels: bug, documentation

#2045 - chore(deps): bump github.com/jinzhu/copier from 0.3.5 to 0.4.0

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, go

#2044 - Syft seems unable to parse non UTF-8 pom.xml files

Issue - State: closed - Opened by westonsteimel over 1 year ago - 1 comment
Labels: bug, good first issue

#2043 - chore(deps): update CPE dictionary index

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] over 1 year ago - 1 comment
Labels: dependencies

#2042 - New version notice only showing the version and no text

Pull Request - State: closed - Opened by wagoodman over 1 year ago - 1 comment
Labels: bug

#2041 - Converting spdx-json to syft-json with `syft convert` loses artifact locations

Issue - State: open - Opened by willmurphyscode over 1 year ago - 1 comment
Labels: bug

#2040 - Add support for dpkg dependency relationships

Issue - State: closed - Opened by sumanthkb44 over 1 year ago - 3 comments
Labels: enhancement

#2038 - Using replace in a go.mod creates a SPDX package without versionInfo (Non-NTIA compliant)

Issue - State: closed - Opened by edonadei over 1 year ago - 1 comment
Labels: bug, ecosystem:go

#2037 - chore: more lenient java groupID lookups

Pull Request - State: closed - Opened by kzantow over 1 year ago - 2 comments

#2036 - fix: inconsistent removal of binaries by file overlap

Pull Request - State: closed - Opened by kzantow over 1 year ago - 1 comment

#2035 - Intermittent binary listings, different results every time

Issue - State: closed - Opened by aptalca over 1 year ago - 3 comments
Labels: bug

#2034 - fix: properly parse conan ref and include user and channel

Pull Request - State: closed - Opened by Pro over 1 year ago - 4 comments
Labels: bug

#2033 - feat: 1944 - update purl generation to use a consistent groupID

Pull Request - State: closed - Opened by spiffcs over 1 year ago - 4 comments
Labels: enhancement

#2032 - Use Java package names to determine known groupIDs

Pull Request - State: closed - Opened by kzantow over 1 year ago - 1 comment
Labels: bug

#2030 - Change in behavior - Leading zeroes on SPDXID between different Syft versions

Issue - State: closed - Opened by akhil-vasudevan over 1 year ago - 1 comment
Labels: bug

#2029 - Parser for dotnet_portable_executable using wrong attribute name.

Issue - State: closed - Opened by Roxedus over 1 year ago - 9 comments
Labels: bug

#2028 - chore: restore cataloger.DefaultConfig

Pull Request - State: closed - Opened by kzantow over 1 year ago - 1 comment
Labels: changelog-ignore

#2027 - Update github.com/Microsoft/go-rustaudit to have correct capitalization

Pull Request - State: closed - Opened by barnuri over 1 year ago - 2 comments

#2026 - Can't use syft with go mod vendor because invalid case of microsoft module

Issue - State: closed - Opened by barnuri over 1 year ago - 6 comments
Labels: bug

#2025 - chore(deps): update CPE dictionary index

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] over 1 year ago - 1 comment
Labels: dependencies

#2024 - Question: meaning of syft:location:X:path & syft:cpe23

Issue - State: closed - Opened by prosunjitbiswas over 1 year ago - 2 comments
Labels: question

#2023 - Python pip dependency information

Issue - State: open - Opened by prosunjitbiswas over 1 year ago - 3 comments

#2022 - chore(deps): update bootstrap tools to latest versions

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] over 1 year ago - 1 comment
Labels: dependencies

#2021 - Detect golang boring crypto and fipsonly modules

Pull Request - State: closed - Opened by bathina2 over 1 year ago - 5 comments
Labels: enhancement

#2017 - Support Maven multi-level configuration file / parent POM

Issue - State: closed - Opened by sekveaja over 1 year ago - 4 comments
Labels: bug

#2016 - chore: ensure syft binary is up-to-date when running CLI tests locally

Pull Request - State: closed - Opened by kzantow over 1 year ago - 2 comments

#2015 - Using file as a version in a package-lock.json creates a SPDX package without versionInfo (Non-NTIA compliant)

Issue - State: open - Opened by edonadei over 1 year ago - 4 comments
Labels: bug, enhancement, ecosystem:javascript

#2014 - fix: read direct package files when decoding SPDX tag-value

Pull Request - State: closed - Opened by kzantow over 1 year ago - 1 comment

#2013 - SPDX Tag-Value conversion not handling files directly set on packages

Issue - State: closed - Opened by kzantow over 1 year ago
Labels: bug

#2012 - chore(deps): update bootstrap tools to latest versions

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] over 1 year ago - 1 comment
Labels: dependencies

#2011 - 1948-filter-pkg-by-type

Pull Request - State: closed - Opened by spiffcs over 1 year ago - 1 comment
Labels: changelog-ignore

#2010 - Syft panics in docker and mounting docker socket with some images

Issue - State: closed - Opened by iperalta7 over 1 year ago - 6 comments
Labels: bug

#2009 - chore(deps): bump github.com/dave/jennifer from 1.6.1 to 1.7.0

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, go

#2008 - chore(deps): bump github.com/vifraa/gopom from 0.2.2 to 1.0.0

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago - 2 comments
Labels: dependencies, go

#2007 - fix: SPDX license values and download location

Pull Request - State: closed - Opened by kzantow over 1 year ago - 1 comment
Labels: bug

#2006 - Revert "bump golang.org/x/net from 0.13.0 to 0.14.0 (#2004)"

Pull Request - State: closed - Opened by spiffcs over 1 year ago - 1 comment

#2005 - PyPI Kubernetes library generating invalid CPE kubernetes:kubernetes

Issue - State: closed - Opened by cpendery over 2 years ago - 3 comments
Labels: bug, changelog-ignore

#2004 - chore(deps): bump golang.org/x/net from 0.13.0 to 0.14.0

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, go

#2003 - chore(deps): bump golang.org/x/term from 0.10.0 to 0.11.0

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago - 2 comments
Labels: dependencies, go

#2002 - Is there any feature to download/list the following details.

Issue - State: closed - Opened by parvjain639 over 1 year ago - 9 comments
Labels: question, license

#2001 - chore: update CLI to CLIO

Pull Request - State: closed - Opened by kzantow over 1 year ago - 1 comment

#2000 - Add pkg-config cataloger

Issue - State: open - Opened by kaniini over 1 year ago - 1 comment
Labels: enhancement, good first issue, new-cataloger

#1999 - test: add coverage for new rpmdb paths

Pull Request - State: closed - Opened by spiffcs over 1 year ago - 1 comment
Labels: changelog-ignore

#1998 - chore(deps): bump modernc.org/sqlite from 1.24.0 to 1.25.0

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago - 1 comment
Labels: dependencies, go

#1997 - fix: update glob to use newer usr/lib/sysimage path

Pull Request - State: closed - Opened by spiffcs over 1 year ago - 1 comment
Labels: bug

#1996 - chore: improve spdx purl decoding

Pull Request - State: closed - Opened by kzantow over 1 year ago - 1 comment
Labels: bug, changelog-ignore

#1995 - fix: gradle lockfile parser groupId handling

Pull Request - State: closed - Opened by kzantow over 1 year ago - 1 comment
Labels: bug

#1994 - Fix warnings in deb cataloger when parsing opkg packages

Pull Request - State: closed - Opened by johnDeSilencio over 1 year ago - 1 comment
Labels: changelog-ignore

#1993 - chore(deps): bump github.com/google/go-containerregistry from 0.15.2 to 0.16.1

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, go

#1992 - Converting CycloneDXjson to CycloneDXjson loses external references

Issue - State: open - Opened by ben-petrsen-dese over 1 year ago - 2 comments
Labels: bug

#1991 - chore(deps): update bootstrap tools to latest versions

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] over 1 year ago - 1 comment
Labels: dependencies

#1990 - chore: update bubbly to fix hanging

Pull Request - State: closed - Opened by kzantow over 1 year ago
Labels: bug

#1989 - chore(deps): bump golang.org/x/net from 0.12.0 to 0.13.0

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, go

#1988 - Create nginx binary classifier

Pull Request - State: closed - Opened by SemProvoost over 1 year ago

#1987 - Set precedence for root options

Pull Request - State: closed - Opened by AidanDelaney over 1 year ago - 2 comments

#1986 - SYFT_CONFIG environment variable not supported

Issue - State: closed - Opened by AidanDelaney over 1 year ago - 1 comment
Labels: enhancement

#1985 - Expand deb cataloger to include opkg

Pull Request - State: closed - Opened by johnDeSilencio over 1 year ago - 2 comments
Labels: enhancement

#1984 - Automate homebrew releases

Issue - State: closed - Opened by chenrui333 over 1 year ago
Labels: release

#1983 - Remove MetadataType from core package object and normalize JSON metadataType values

Pull Request - State: closed - Opened by wagoodman over 1 year ago - 3 comments
Labels: breaking-change, json-schema

#1982 - Add metadata types to all CPE test fixtures

Pull Request - State: closed - Opened by wagoodman over 1 year ago - 1 comment
Labels: changelog-ignore

#1981 - CPEs generated for Jenkins plugins should have a target software and correct vendor

Issue - State: open - Opened by wagoodman over 1 year ago - 2 comments
Labels: bug

#1980 - feat: use originator logic to fill supplier

Pull Request - State: closed - Opened by spiffcs over 1 year ago - 2 comments
Labels: enhancement

#1979 - fix: default image source name to user input

Pull Request - State: closed - Opened by kzantow over 1 year ago
Labels: bug

#1978 - Controlling syft's parallelism & reduce memory usage

Issue - State: closed - Opened by tomerse-sg over 1 year ago - 2 comments
Labels: enhancement, changelog-ignore

#1977 - fix: prevent hang if stderr is tty but stdout is not

Pull Request - State: closed - Opened by willmurphyscode over 1 year ago - 2 comments

#1976 - `spm-cataloger` doesn't work

Issue - State: closed - Opened by DominikPalo over 1 year ago - 1 comment
Labels: bug

#1975 - chore(deps): update stereoscope to d1f3d766295ed3c8362ac1be68070e2a1dba4d03

Pull Request - State: closed - Opened by anchore-actions-token-generator[bot] over 1 year ago - 1 comment
Labels: dependencies

#1974 - Fix for issue #1972: Fixed typecasting, and added more debug logging.

Pull Request - State: closed - Opened by markgalpin over 1 year ago - 9 comments

#1973 - fix for issue #1972: Fixed typecasting, and added more debug logging.

Pull Request - State: closed - Opened by markgalpin over 1 year ago - 1 comment

#1971 - Add ruby.NewGemSpecCataloger to DirectoryCatalogers.

Pull Request - State: open - Opened by evanchaoli over 1 year ago - 6 comments

#1970 - Support SPDX 3 component properties

Issue - State: open - Opened by wagoodman over 1 year ago - 1 comment
Labels: enhancement, format:spdx

#1969 - chore: update to latest commit in tools-golang

Pull Request - State: closed - Opened by spiffcs over 1 year ago - 1 comment

#1968 - Fix panic condition on docker pull failure

Pull Request - State: closed - Opened by wagoodman over 1 year ago - 1 comment
Labels: bug

#1967 - Simplify python env markers

Pull Request - State: closed - Opened by wagoodman over 1 year ago - 2 comments
Labels: breaking-change

#1966 - Guess unpinned versions in python requirements.txt

Pull Request - State: closed - Opened by wagoodman over 1 year ago - 3 comments
Labels: enhancement

#1965 - chore(deps): bump github.com/vifraa/gopom from 0.2.1 to 0.2.2

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, go

#1964 - Can not have license ID

Issue - State: open - Opened by bj1116 over 1 year ago - 4 comments
Labels: bug

#1963 - Add support to detect bash binaries

Issue - State: closed - Opened by captn3m0 over 1 year ago - 1 comment
Labels: enhancement, binary-analysis

#1961 - Add support for determining supplier of packages

Issue - State: open - Opened by kzantow over 1 year ago - 3 comments
Labels: enhancement

#1960 - Should we be including development packages as described in lock files?

Issue - State: open - Opened by wagoodman over 1 year ago
Labels: enhancement, question

#1959 - chore(deps): bump github.com/go-git/go-git/v5 from 5.8.0 to 5.8.1

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, go

#1958 - Empty purl in SPDX output

Issue - State: closed - Opened by vargenau over 1 year ago - 5 comments
Labels: bug, good first issue

#1957 - Different CPEs between java-cataloger and java-gradle-lockfile-cataloger

Issue - State: closed - Opened by henryde over 1 year ago - 2 comments
Labels: bug, good first issue