December 19th | Open Source Gardening | Live Stream

Every Thursday, the Anchore Open Source team runs a live stream to discuss issues, pull requests and future planning in our SBOM and vulnerability tools.

Note: This is the last gardening session of the year! :christmas_tree:

:alarm_clock: Stream begins at 2024-12-19T20:00:00Z for about an hour.

Expect engineering and project management discussions, a bit of GitHub issue gardening on Syft, Grype, and the rest of the family.

Join us on Thursday for a relaxed, educational and productive live stream.

If you’d like to join us on the Zoom call to discuss any relevant topics, DM me right here in Discourse for the link.

Topics

  • Updates - If there’s any important news about the tools, we’ll usually start there.
  • Needs discussion - issues and pull requests marked needs-discussion.
  • Any other issues or pulls that need our collective brains :brain:
  • Questions from the audience :thinking:

hi!
hope you are doing well :slight_smile:
I am still waiting to some directions in these PR -
squashed all layers mode - Squashed all layers by tomersein · Pull Request #3138 · anchore/syft · GitHub
sort fixed versions - Filter unrelated fixed version by tomersein · Pull Request #2271 · anchore/grype · GitHub

will you have time to take a look before of the meeting? so I can understand how can I proceed further with the PRs?

Thanks!

this bug also interesting me - I think I’ve reported on it a while ago (few month) and it was solved, but I see it happens again - purl is not deterministic in java-archive cataloger · Issue #3521 · anchore/syft · GitHub

Things we discussed this week