syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

Results 425 syft issues

**What would you like to be added**: Add rpm/gem/npm package description to json output **Why is this needed**: It's a required field for our company's internal SBOM. It might be...

enhancement
good first issue
I/O
ecosystem:javascript
ecosystem:ruby
ecosystem:os

Perhaps related to https://github.com/anchore/syft/issues/32 Basically, after running Syft on an image primarily containing NPM packages I got a pretty large SBOM, and when looking into it, I saw a lot...

enhancement
needs-validation

**What would you like to be added**: I use syft to create a sbom.xml to import in dependency-track. The sbom.xml is created from a java maven project. There are maven...

enhancement
ecosystem:java

**What would you like to be added**: **Why is this needed**: We (w/@srenatus @anderseknert) did a [similar effort](https://github.com/withfig/autocomplete/pull/854) in OPA to add autocompletion of opa CLI in by [fig](https://github.com/withfig/autocomplete). So,...

enhancement
good first issue

**What would you like to be added**: I would like Syft to be able to extract the Java version (or really any of the "large" language/framework versions like Java, Dotnet,...

enhancement
ecosystem:java

This just adds another simple example of the Syft API usage, which demonstrates how to use a specific source.

**What would you like to be added**: I have observed `status` files in real-world filesystems at paths that vary slightly from the set of globs currently searched for by the...

enhancement

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.21.0 to 0.22.0. Commits 7ee34a0 go.mod: update golang.org/x dependencies c289c7a websocket: re-add documentation for DialConfig 9fb4a8c http2: send an error of FLOW_CONTROL_ERROR when exceed the maximum octets...

dependencies
go

``` TOOL UPDATE ───────────────────────── gh v2.44.1 → v2.45.0 ``` This is an auto-generated pull request to update all of the tools to the latest versions.

dependencies

**What happened**: When scanning a directory for packages, which includes both .rpm and .whl files, the catalogers properly reported the .rpm files, but did not report the .whl files. **What...

enhancement
ecosystem:python