https://staticcheck.io/docs/checks#SA6005

In file sanitize.go: if strings.ToLower(straw) == strings.ToLower(needle) { should be strings.EqualsFold(straw, needle)

or, even better, compile a regexp literal for needle and use it for the entire loop.

Currently, engine does not support matching vulnerabilities against the busybox "package" itself. Detected applications are scanned (npm, python, java, etc), but because there aren't os packages as with Centos, Deb, etc there is no "os package" vuln scanning support.

The solution is to add a virtual package to the anchore analysis for the busybox binary itself, which anchore already detects as

As the engineer who wrote this, I'm sure it all seems obvious to you :) but something that would be VERY helpful to add your website and your github README file would be two bullet lists: "What USBGuard Does", "What USBGuard Doesn't Do". Having this explained clearly would be very helpful even to those of us who are tech-savvy :) Thanks.

You touched on this issue of the Google Cast button not showing up in Youtube in issue #15 , but the issue was supposed to be fixed. Currently, the cast button does not show up unless either the Block Click-Through Referrer or XML HTTP Request Handling is disabled while Scriptsafe is enabled.

Okay, so if you pass a filterWith rule, that function should return true|false.

However, you can throw a custom error in that function instead. It's just that the customer error needs to implement toJSON and return { field, message }.