syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
# Motivation It is not always possible to look inside executables and report accurate information on their contents and dependencies. This information is accessible at the build time of executables,...
syft convert sbom.syft.json -o cyclonedx-json=img.cdx.json 2022/07/11 10:59:36 error during command execution: unknown shorthand flag: 'o' in -o It's an experimental feature... just wanted to check if there is any fix for...
Supports ad hoc binary application layouts: CI saves CycloneDX SBOM JSON in docker image or application deployment/installation folder. During image/directory scanning, Syft does not need to rely on specific layouts...
Partially addresses #572
Suggesting an enhancement to the Python cataloger. Catalog package files for legacy egg 'installed-files.txt' metadata. For example, `psycopg2` does not have a Linux wheel, so it uses egg; then django uses `psycopg2`...
Hi, this PR continues the work on https://github.com/anchore/syft/pull/843. * Rename flag from `enable-catalogers` to `catalogers` configuration * Add `-C` `--cataloger` command line argument. * Flags support removal of the cataloger suffix....
**What happened**: Running the command:

```bash
syft packages redis:6.2.6-bullseye -o cyclonedx > redis-sbom.xml
```

the CPEs of the packages are generated with the pattern `cpe:2.3:a:PACKAGE_NAME:PACKAGE_NAME:VERSION:*:*:*:*:*:*:*`, like this:

```
cpe:2.3:a:dpkg:dpkg:1.20.9:*:*:*:*:*:*:*
pkg:deb/debian/dpkg@1.20.9?arch=arm64&distro=debian-11
```
...
**What happened**: Syft does not detect the current version of some dependencies when scanning a maven project. **What you expected to happen**: Syft shows the current version of every package...