syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
**What would you like to be added**: CycloneDX gomod exposes a fairly comprehensive way of generating accurate SBOMs for Go-based projects in 3 modes, app, mod and bin. Explore...
**What would you like to be added**: Be able to specify multiple targets where one or more SBOMs are created. Take the following examples for illustrative purposes: ```yaml #...
Today we output a json structure similar to the following: ``` { artifacts: [ # list of packages ], relationships: [ # list of package relationships ] distro: {...}, ......
**What would you like to be added**: Right now the Syft JSON format schema version is hard-coded (seems to be set to the latest version). When you bump to a newer...
**What would you like to be added**: Do one of the following: - Add post-release automation that attempts to install syft via our brew tap and verify the installation +...
**What would you like to be added**: Run the majority of the release steps on a linux runner. Split darwin-related post-build tasks (homebrew + mac signing) to a separate runner...
Today we have a checksum file + signature; however, we do not publish the key. We should either publish the key or replace this mechanism (maybe with a sigstore workflow).
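The verification step a downloader would perform against that checksum file + signature, as an added example (not syft's release tooling or the project's own code). The archive names, the `checksums.txt` name and the sha256sum-style `<hex>  <filename>` line format are assumptions for illustration; the sample release directory is constructed in `demo_directory()`.

```python
"""Added example, not part of syft: verify a downloaded release archive against
its checksums file and the detached signature over that file.

Assumptions: checksum lines are sha256sum-style "<64 hex chars>  <filename>"
and the signature is an OpenPGP detached signature checked with gpg.
"""
import hashlib
import subprocess
import tempfile
from pathlib import Path


def parse_checksums(text: str) -> dict:
    """Parse sha256sum-style lines into {filename: hexdigest}.

    A leading '*' on the filename (sha256sum binary mode) is stripped.
    Malformed lines raise instead of being skipped, so a truncated or
    corrupted checksums file is noticed rather than silently shrinking the
    set of files that get checked.
    """
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"malformed checksum line {lineno}: {line!r}")
        digest, name = parts
        entries[name.lstrip("*")] = digest.lower()
    return entries


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large archives do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_checksums(directory: Path, checksums_name: str) -> dict:
    """Return {filename: bool} for every file listed in the checksums file.

    A listed file that is missing counts as a failure: a mirror that drops
    artifacts must not produce a clean report.
    """
    expected = parse_checksums((directory / checksums_name).read_text())
    results = {}
    for name, digest in expected.items():
        path = directory / name
        results[name] = path.is_file() and sha256_file(path) == digest
    return results


def verify_signature(checksums: Path, signature: Path) -> bool:
    """Check the detached signature over the checksums file with gpg.

    This proves nothing until the release signing public key has been imported
    from a trusted source: without it gpg exits non-zero ("No public key"),
    which is exactly the gap described in the issue above. Assumes gpg is on
    PATH; the checksum results mean nothing unless this returns True.
    """
    proc = subprocess.run(
        ["gpg", "--batch", "--verify", str(signature), str(checksums)],
        capture_output=True,
    )
    return proc.returncode == 0


def demo_directory() -> Path:
    """Constructed sample release directory (not real syft artifacts): one
    intact archive, one tampered archive, and one entry whose file is missing."""
    d = Path(tempfile.mkdtemp(prefix="syft-release-"))
    good = b"pretend this is syft_linux_amd64.tar.gz"
    (d / "syft_linux_amd64.tar.gz").write_bytes(good)
    (d / "syft_darwin_arm64.tar.gz").write_bytes(b"tampered archive")
    lines = [
        f"{hashlib.sha256(good).hexdigest()}  syft_linux_amd64.tar.gz",
        f"{'0' * 64}  syft_darwin_arm64.tar.gz",
        f"{'1' * 64}  syft_windows_amd64.zip",
    ]
    (d / "checksums.txt").write_text("\n".join(lines) + "\n")
    return d


if __name__ == "__main__":
    d = demo_directory()
    for name, ok in verify_checksums(d, "checksums.txt").items():
        print(f"{'OK  ' if ok else 'FAIL'} {name}")
```

The checksum step only ties the archive to the checksums file; the signature step is what ties the checksums file to the publisher, and it cannot succeed until the signing key is published somewhere a downloader can trust.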
**What happened**: Hi! 👋 I am leveraging the Syft Go library in my project to generate SBOMs. I'm wondering if there are any support expectations from maintainers around the library?...
Today we use `github.com/alecthomas/jsonschema` to generate our jsonschema, however, that repo has been moved to `github.com/invopop/jsonschema`. We should migrate to using the latest library, however, initial testing shows that the...
**What would you like to be added**: Ensure that all SBOMs produced by Syft cover the NTIA's [Minimum Elements For a Software Bill of Materials (SBOM)](https://www.ntia.doc.gov/report/2021/minimum-elements-software-bill-materials-sbom). Direct link to PDF:...
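A checker for the NTIA minimum elements over a syft-style JSON document, as an added example (not syft's own code) that also exercises the `artifacts` / `relationships` / `distro` layout quoted earlier on this page. The seven elements are those listed in the NTIA report: supplier name, component name, component version, other unique identifiers, dependency relationship, author of SBOM data, and timestamp. The document below is constructed; the keys `descriptor`, `timestamp`, per-package `purl`/`cpes` and a `metadata.author` field are assumptions made for this sample, not a statement of the real schema.

```python
"""Added example, not syft's own code: report which NTIA minimum elements a
syft-style JSON document fails to provide.

Top-level "artifacts", "relationships" and "distro" follow the layout quoted
on this page; "descriptor" (tool that wrote the SBOM), "timestamp", package
"purl"/"cpes" and metadata "author" are assumed field names for the sample.
"""
import json

# Constructed sample document, not real syft output. pkg-b is deliberately
# incomplete so the report has something to say.
SAMPLE_SBOM = json.dumps({
    "artifacts": [
        {"id": "pkg-a", "name": "github.com/spf13/cobra", "version": "v1.5.0",
         "type": "go-module",
         "purl": "pkg:golang/github.com/spf13/cobra@v1.5.0",
         "metadata": {"author": "spf13"}},
        {"id": "pkg-b", "name": "golang.org/x/sys", "version": "",
         "type": "go-module", "purl": "", "metadata": {}},
    ],
    "relationships": [
        {"parent": "pkg-a", "child": "pkg-b", "type": "dependency-of"},
    ],
    "distro": {},
    "descriptor": {"name": "syft", "version": "0.0.0"},
    "timestamp": "2022-01-01T00:00:00Z",
})

# NTIA per-component elements, in the order they are reported.
NTIA_PACKAGE_FIELDS = ("supplier", "name", "version", "identifier")


def package_gaps(pkg: dict) -> list:
    """Return the per-component NTIA elements this package entry lacks."""
    present = {
        "name": bool(pkg.get("name")),
        "version": bool(pkg.get("version")),
        # "Other unique identifiers": a purl or at least one CPE.
        "identifier": bool(pkg.get("purl") or pkg.get("cpes")),
        # Supplier name: assumed to live in metadata.author for this sample.
        "supplier": bool((pkg.get("metadata") or {}).get("author")),
    }
    return [f for f in NTIA_PACKAGE_FIELDS if not present[f]]


def ntia_report(sbom_json: str) -> dict:
    """Check per-package and document-level elements.

    Returns {"packages": {id: [gaps]}, "document": [gaps], "ok": bool}.
    """
    doc = json.loads(sbom_json)
    artifacts = doc.get("artifacts", [])
    ids = {a.get("id") for a in artifacts}
    report = {"packages": {}, "document": []}

    for a in artifacts:
        gaps = package_gaps(a)
        if gaps:
            report["packages"][a.get("id") or a.get("name")] = gaps

    # Dependency relationship: must exist and must reference known packages.
    rels = doc.get("relationships", [])
    if not rels:
        report["document"].append("dependency-relationships")
    dangling = [r for r in rels
                if r.get("parent") not in ids or r.get("child") not in ids]
    if dangling:
        report["document"].append("dangling-relationships")

    # Author of SBOM data: the tool/descriptor that produced the document.
    if not doc.get("descriptor", {}).get("name"):
        report["document"].append("author-of-sbom-data")
    if not doc.get("timestamp"):
        report["document"].append("timestamp")

    report["ok"] = not report["packages"] and not report["document"]
    return report


if __name__ == "__main__":
    print(json.dumps(ntia_report(SAMPLE_SBOM), indent=2))
```

Run against the sample, the report flags pkg-b for a missing supplier, version and identifier while the document-level elements pass; a document with no relationships, descriptor or timestamp fails all three document-level checks. The supplier check is the weakest link in practice, since many package ecosystems carry no authoritative supplier field for a tool like Syft to copy from.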