
Add line numbers when reporting artifact locations

Open alfredodeza opened this issue 4 years ago • 2 comments

What would you like to be added: In addition to file paths, line numbers are crucial for some integrations like IDEs. Ideally, in the JSON presenter in the same place where file paths are defined.

For example:

    "locations": [
        "test/integration/test-fixtures/image-debian-match-coverage/ruby/Gemfile.lock"
    ]

Could be an object:

    "locations": [
        {
            "path": "test/integration/test-fixtures/image-debian-match-coverage/ruby/Gemfile.lock",
            "linenumber": 13
        }
    ]

One potential problem here is that there are cases where a line number is not possible at all, for example in an RPM database. In those situations it is fine to use nil.

Why is this needed: Some integrations like IDEs would benefit from having line numbers so that they can highlight where the detected package exists.

Additional context:

alfredodeza avatar Aug 14 '20 11:08 alfredodeza
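An added example, not part of the original issue and not syft's own code: a consumer-side Go decoder that accepts both the existing string form of `locations` and the object form proposed above, keeping the line number nil when none is available. The `Location` type, `ParseLocations` function, and the rule that line numbers start at 1 are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Location is a hypothetical consumer-side type (not syft's own).
// LineNumber is a pointer so "no line available" (e.g. an RPM database) stays nil.
type Location struct {
	Path       string `json:"path"`
	LineNumber *int   `json:"linenumber"`
}

// UnmarshalJSON accepts the bare-string form and the proposed object form.
func (l *Location) UnmarshalJSON(b []byte) error {
	var s string
	if err := json.Unmarshal(b, &s); err == nil {
		*l = Location{Path: s} // old shape: path only, no line number
		return nil
	}
	type plain Location // same fields, no UnmarshalJSON method, so no recursion
	var p plain
	if err := json.Unmarshal(b, &p); err != nil {
		return fmt.Errorf("location must be a string or an object: %w", err)
	}
	if p.Path == "" {
		return fmt.Errorf("location object is missing \"path\"")
	}
	if p.LineNumber != nil && *p.LineNumber < 1 { // assumption: lines are 1-based
		return fmt.Errorf("linenumber must be >= 1, got %d", *p.LineNumber)
	}
	*l = Location(p)
	return nil
}

// ParseLocations decodes a "locations" array whose entries may be in either shape.
func ParseLocations(data []byte) ([]Location, error) {
	var locs []Location
	err := json.Unmarshal(data, &locs)
	return locs, err
}

func main() {
	// Constructed sample input mixing both shapes, including a null line number.
	in := []byte(`["a/Gemfile.lock", {"path":"b/Gemfile.lock","linenumber":13}, {"path":"var/lib/rpm/Packages","linenumber":null}]`)
	locs, err := ParseLocations(in)
	fmt.Println(len(locs), err)
}
```

Rejecting an empty path or a non-positive line number at decode time keeps an IDE or SARIF integration from highlighting a wrong or nonexistent location.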

This is relevant to SARIF output which supports noting line numbers in the output as well as being able to express better source code-like analysis in the future.

wagoodman avatar Sep 15 '22 20:09 wagoodman

Can be a nice feature for integrations like GitHub and for helping developers to fix some issues.

tomerse-sg avatar Jan 09 '24 17:01 tomerse-sg