
Print table view when generating output file

Open kzantow opened this issue 4 years ago • 3 comments

There is currently no support in Syft for this but it can be accomplished by executing multiple times. This is less than ideal, as scans have the potential to be slow. Once Syft has some support, we can look at adding this to sbom-action.

See:

  • https://github.com/anchore/syft/issues/325
  • https://github.com/anchore/syft/issues/400

kzantow, Sep 16 '21 22:09

From refinement:

  • Always output the syft json format, additionally allow other outputs (defaulting to today's behavior of outputting SPDX json). This will help to enable grype scanning (with high efficiency) between the sbom-action and the scan-action.

wagoodman, Jan 11 '22 19:01

After a talk with @kzantow I learned this issue was made to allow the generation of syft json AND spdx files, the former meant for vulnerability scanning, the latter for publishing purposes. But currently vuln scanning can ingest either format, so the two files aren't required. The use case where multiple outputs may be relevant, for SBOM action and CLI, is to generate a file while also printing the SBOM as a table -- the table here is a visual helper to whoever ran the tool.

jonasagx, Mar 03 '22 23:03

Depends on https://github.com/anchore/syft/issues/563

jonasagx, Apr 06 '22 18:04