Scan matches on similarly named package, but from different ecosystem #1779
Comments
Hi @supersimple, would you be able to expand how to do this? ...maybe provide a sample file or some command line steps to create one that's causing the issue?
Hi.
What happened:
I was alerted to a CVE issue on a package (from Hex) that has a similar name to a vulnerable package available in the iOS ecosystem. They are unrelated packages.
What you expected to happen:
I was expecting not to receive a failure.
How to reproduce it (as minimally and precisely as possible):
Add the expo dependency to an Elixir app, then run Grype.
Anything else we need to know?:
I am including a screenshot from the GH action output.
Environment:
- `grype version`:
- OS (e.g. `cat /etc/os-release` or similar):
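The report above describes a name collision: a Hex package matched against a CVE filed for an unrelated iOS package with a similar name. As an added example (not Grype's own code, and not part of this issue), the script below triages a Grype JSON report for that pattern, flagging language packages whose only link to the vulnerability is a name/CPE match, and renders scoped `ignore:` rules in the `.grype.yaml` format for the ones a reviewer confirms as collisions. It assumes the JSON field names `matches[].artifact.{name,version,type,language}`, `matches[].vulnerability.id` and `matches[].matchDetails[].type` (with `cpe-match` marking CPE-based matching) as I know them from Grype's output; the sample report and vulnerability ids are constructed placeholders.

```python
import json

# Constructed sample of Grype JSON output (not real scan data). The first match is
# the shape reported in this issue: the Hex package "expo" matched by CPE/name only
# against an advisory for an unrelated iOS package. The second is an ecosystem-aware
# match kept for contrast. Vulnerability ids are placeholders, not real identifiers.
SAMPLE_GRYPE_JSON = json.dumps({
    "matches": [
        {
            "vulnerability": {"id": "CVE-PLACEHOLDER-1", "namespace": "nvd:cpe"},
            "matchDetails": [{"type": "cpe-match", "matcher": "stock-matcher"}],
            "artifact": {"name": "expo", "version": "0.5.0", "type": "hex",
                         "language": "elixir", "purl": "pkg:hex/expo@0.5.0"},
        },
        {
            "vulnerability": {"id": "GHSA-PLACEHOLDER-1", "namespace": "github:language:elixir"},
            "matchDetails": [{"type": "exact-direct-match", "matcher": "stock-matcher"}],
            "artifact": {"name": "plug", "version": "1.0.0", "type": "hex",
                         "language": "elixir", "purl": "pkg:hex/plug@1.0.0"},
        },
    ]
})


def cross_ecosystem_candidates(report_json):
    """Return matches where a language package was matched purely by CPE/name
    (match type "cpe-match"). These are candidates for a name collision like the
    Hex vs iOS "expo" case and need a human check, not automatic suppression."""
    candidates = []
    for m in json.loads(report_json)["matches"]:
        art, vuln = m["artifact"], m["vulnerability"]
        by_cpe_only = all(d.get("type") == "cpe-match" for d in m.get("matchDetails", []))
        if art.get("language") and by_cpe_only:
            candidates.append({"vulnerability": vuln["id"], "package": {
                "name": art["name"], "version": art["version"], "type": art["type"]}})
    return candidates


def render_ignore_rules(confirmed):
    """Render Grype `ignore:` rules (.grype.yaml) scoped to the exact package
    name/version/type, so a rule cannot silently hide the same CVE elsewhere."""
    lines = ["ignore:"]
    for c in confirmed:
        p = c["package"]
        lines += [f"  - vulnerability: {c['vulnerability']}", "    package:",
                  f"      name: {p['name']}", f"      version: {p['version']}",
                  f"      type: {p['type']}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_ignore_rules(cross_ecosystem_candidates(SAMPLE_GRYPE_JSON)))
```

Run it against a real report with `grype <target> -o json > report.json` and feed the file contents to `cross_ecosystem_candidates`; only commit ignore rules for candidates you have confirmed refer to a different package.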