
Grype should respect `--source-name` and `--source-version` as Syft does

Open willmurphyscode opened this issue 9 months ago • 0 comments

What happened:

In Syft, it's possible to specify `--source-name` and `--source-version` to add user-provided name and version of the artifact/directory being scanned to the SBOM. However, Grype doesn't accept these flags today. (It accepts `--name`, but that isn't wired up correctly to reach the output.)

What you expected to happen:

Running something like `grype --source-version 1.2.3 --source-name my-project dir:.` should put the appropriate version and name under the Source node in the resulting output.

How to reproduce it (as minimally and precisely as possible):

`grype --source-version 1.2.3 --source-name my-proj dir:.` fails because the flags aren't recognized.

Anything else we need to know?:

Would provide a nicer workaround to https://github.com/anchore/grype/issues/1866.

Environment:

  • Output of `grype version`:
  • OS (e.g: `cat /etc/os-release` or similar):

willmurphyscode, May 23 '24 21:05