Stdlib versions

Hello!
I’ve scanned rpm image and received the below information:

      "id": "d17a2467c2d6c774",
      "name": "stdlib",
      "version": "go1.21.9 (Red Hat 1.21.9-2.el9_4)",
      "type": "go-module",

my question is does this version makes sense? (the part of the distribution).
How it is being normalised in grype so we can find vulnerabilities?

Thanks!

It looks like we are going to have to improve the version detection for cases like this. Please file an issue with repro steps. Thanks, @TimBrown1611!

hi, opened:

1 Like