Replies: 1 comment 2 replies
-
|
ALAS is an Amazon Linux specific vulnerability identifier. Dependency-Track does not natively support ALAS, but to my knowledge, ALAS identifier are not unique, meaning that they typically always reference one or more CVEs. |
Beta Was this translation helpful? Give feedback.
-
|
I see @stevespringett . so i just curious, is there any plan for DT to support it? |
Beta Was this translation helpful? Give feedback.
-
|
If someone creates a pull request that adds support for ALAS, I'd be happy to merge it in. But at the moment, it's not even a roadmap item for us. We do have plans to support OSV, RedHat advisories, and a few others, but nothing planned for Amazon specific. |
Beta Was this translation helpful? Give feedback.
-
Hi Team,
Currently i make some comparison between the Grype and DT. To generate the Cyclonedx SBOM i use Syft. But somehow the Grype can detect the Vulnerability from ALAS but not with DT
Is it because the DT analyzers, which is no one is refer to the ALAS?
Thank You
Beta Was this translation helpful? Give feedback.
All reactions