Add new checker requests for Alma Linux packages not already covered #2761
Description
We've got a lot of new folks coming in thanks to Google Summer of Code and a dearth of new bugs, so this is a catch-all issue that multiple people can work on, since it should generate a bunch of new checker and test issues.
One of the groups I'm working with is using Alma Linux on their servers. They haven't actually asked for more checkers, so I don't have a precise list of what might be interesting to them, but I want to enhance their experience if we can. Note that Alma is based on Red Hat, so you'll see a lot of the same stuff you'd see in other RH-based or related distros using RPM (e.g. CentOS, Fedora).
Here's a list of base OS packages in Alma Linux 9.1 (the latest release):
https://repo.almalinux.org/almalinux/9.1/BaseOS/x86_64/os/Packages/
You can change the number in that URL to get different releases if you want, e.g. here's 8:
https://repo.almalinux.org/almalinux/8/BaseOS/x86_64/os/Packages/
So here's what you do:
- Download some packages from Alma Linux
- Try running cve-bin-tool against the package and see if it finds anything in the RPM file.
- If it does find exactly what you expected: does the checker already have an RPM test? If it doesn't have one, or the existing test is for a really different version, file an issue to add a new test with a link to the package you used.
  - Issue title: `test: add $checker_name test for Alma Linux`
  - Issue body example: "When I was investigating Alma Linux support I noticed that $checker_name doesn't have an rpm test. Here's a link to the package I looked at that was detected: $link. It might be a good candidate to be added as a test."
- If it found something that wasn't what you expected: is there a bug that needs to be filed, or is it a case where the package contains another component that we detect (e.g. openssl is sometimes embedded in other software)? If it looks like a bug or you're not sure, file a bug.
  - Issue title: `fix: unexpected result for $checker_name against Alma Linux package`
  - Issue body example: "When I scanned $file_url I found {whatever you found} but I expected to find {whatever you expected}. Is this a bug?"
- If nothing is detected, see if there's a checker that should have detected this file. If there is, file a bug saying so! Don't forget to link the particular file that didn't work.
  - Issue title: `fix: $checker_name failed to detect in $file`
  - Issue body example: "I was testing this file ($link) which I think should have been detected by $checker_name but I found nothing. Maybe we need to add or improve the pattern?"
- If nothing is detected and there's no checker, file an issue requesting a new checker for this component.
  - Issue title: `feat(checker): new checker request $checker_name`
  - Issue body example: "New checker request: $checker_name, link to package for tests: $link, associated list of CVEs: {search cvedetails to figure that out}"
- If everything worked exactly as expected and no issues need to be filed, go ahead and comment in this thread to say "I tried $link and it worked great!"
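If you're going to work through more than a handful of packages, the decision tree above is worth scripting. The helper below is an added example (not part of the cve-bin-tool project) that assumes you have already scanned each RPM with the real tool, e.g. `cve-bin-tool -f json -o foo.json foo.rpm`, and that the report is cve-bin-tool's JSON list of findings with at least `product` and `version` per entry. Given that report, what you expected the RPM to contain, and the set of checker names that exist, it picks the matching issue title and body template (or the "worked great" comment). The sample report and the `foo-1.2-3.el9.x86_64.rpm` package are constructed for the example, not real scan output.

```python
"""Triage helper for the Alma Linux checker-coverage checklist.

Added example, not cve-bin-tool code. Assumes a JSON report produced by:
    cve-bin-tool -f json -o <name>.json <name>.rpm
"""
import json
from dataclasses import dataclass

# Constructed sample report (hand-written, not a real scan): a hypothetical
# package "foo" whose binary bundles OpenSSL, so only openssl is reported.
SAMPLE_REPORT = json.dumps(
    [
        {
            "vendor": "openssl",
            "product": "openssl",
            "version": "3.0.7",
            "cve_number": "CVE-2023-0286",
            "severity": "HIGH",
            "paths": "foo-1.2-3.el9.x86_64.rpm/usr/lib64/libfoo.so",
        },
        {
            "vendor": "openssl",
            "product": "openssl",
            "version": "3.0.7",
            "cve_number": "CVE-2022-4450",
            "severity": "HIGH",
            "paths": "foo-1.2-3.el9.x86_64.rpm/usr/lib64/libfoo.so",
        },
    ]
)


def detected_products(report_json: str) -> dict[str, set[str]]:
    """Collapse a cve-bin-tool JSON report into {product: {versions}}."""
    found: dict[str, set[str]] = {}
    for row in json.loads(report_json):
        found.setdefault(row["product"], set()).add(row["version"])
    return found


@dataclass(frozen=True)
class Outcome:
    kind: str   # "ok", "test", "unexpected", "missed" or "new-checker"
    title: str  # conventional-commits style issue title; empty for "ok"
    body: str   # issue body, or the comment to leave in the thread


def triage(package_url: str, expected: str, found: dict[str, set[str]],
           known_checkers: set[str], has_rpm_test: bool = False) -> Outcome:
    """Map one scan result onto the checklist's five outcomes."""
    filename = package_url.rsplit("/", 1)[-1]
    if expected in found:
        extras = sorted(p for p in found if p != expected)
        if extras:
            # Expected component plus others: maybe an embedded component
            # (openssl is the usual suspect), maybe a false positive. Ask.
            return Outcome(
                "unexpected",
                f"fix: unexpected result for {expected} against Alma Linux package",
                f"When I scanned {package_url} I found {expected} as expected, but also "
                f"{', '.join(extras)}. Are these embedded components or a bug?",
            )
        if has_rpm_test:
            return Outcome("ok", "", f"I tried {package_url} and it worked great!")
        return Outcome(
            "test",
            f"test: add {expected} test for Alma Linux",
            f"When I was investigating Alma Linux support I noticed that {expected} "
            f"doesn't have an rpm test. Here's a link to the package I looked at that "
            f"was detected: {package_url}. It might be a good candidate to be added as a test.",
        )
    if found:
        # Something was detected, but not what we expected.
        got = ", ".join(f"{p} {'/'.join(sorted(v))}" for p, v in sorted(found.items()))
        return Outcome(
            "unexpected",
            f"fix: unexpected result for {expected} against Alma Linux package",
            f"When I scanned {package_url} I found {got} but I expected to find "
            f"{expected}. Is this a bug?",
        )
    if expected in known_checkers:
        return Outcome(
            "missed",
            f"fix: {expected} failed to detect in {filename}",
            f"I was testing this file ({package_url}) which I think should have been "
            f"detected by {expected} but I found nothing. Maybe we need to add or "
            f"improve the pattern?",
        )
    return Outcome(
        "new-checker",
        f"feat(checker): new checker request {expected}",
        f"New checker request: {expected}, link to package for tests: {package_url}, "
        f"associated list of CVEs: (search cvedetails to fill this in)",
    )


if __name__ == "__main__":
    # Hypothetical package under the real 9.1 BaseOS repo path.
    url = ("https://repo.almalinux.org/almalinux/9.1/BaseOS/x86_64/os/Packages/"
           "foo-1.2-3.el9.x86_64.rpm")
    result = triage(url, "foo", detected_products(SAMPLE_REPORT), {"openssl", "foo"})
    print(result.kind, result.title, result.body, sep="\n")
```

`has_rpm_test` is left as an argument because the page does not describe the test layout; check the existing tests for the checker by hand and pass `True` if an RPM-based test for a close version is already there. The `known_checkers` set is likewise whatever list of checker names you have at hand (e.g. from `cve-bin-tool --help` or the checkers directory).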
When filing an issue:
- Always check to see if there's already one filed if you can. If there's already one filed, see if you can add any info to it instead. (And don't freak out if you accidentally file a duplicate; it happens sometimes, just try to avoid it.)
- You can claim your own issues, just say so when you file them. "I intend to work on this issue myself."
- If you don't want to claim your issue, you can also leave a note saying "I'm filing this so others can work on it" -- It's a huge help to me if you file a few of these so more new contributors can get started! I'll try to go through periodically and mark some of the ones filed for others as "good first issue" and put any other explanatory text in the comments if I can.
Short tips for new contributors:
- cve-bin-tool's contributor docs
- If you've contributed to open source but not this project, you might just want our checklist for a great pull request
- cve-bin-tool uses https://www.conventionalcommits.org/ style for commit messages, and we have a test that checks the title of your pull request (PR).
- You can make an issue auto-close by including "fixes #ISSUENUMBER" in your PR description, where ISSUENUMBER is the actual number of the issue. This "links" the issue to the pull request.
Claiming issues:
This issue isn't the type of issue that can be claimed by one person. If you're generating a new issue, please check to make sure that someone hasn't already filed a checker request or test for the same component. And although I often ask contributors to claim only one or two issues marked as "good first issue" before moving on to "regular" issues without the tag, I'm willing to make an exception if you want to take more than one Alma package and make more than one new checker or just do the initial work and file some issues so others can work on them.