syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
**What would you like to be added**: **Why is this needed**: **Additional context**: I want to know how to use syft to detect vmlinz, but I scan the kernel files of...
**What would you like to be added**: (Hi, loving the tool, thanks for all your efforts) We have a pnpm monorepo using the workspaces functionality. I am able to prepare...
In regards to Issue: https://github.com/anchore/syft/issues/1821, we are trying to come up with a solution. This isn't complete, I have some issues getting licenses.go to work properly, and in general I'm...
1. Use Maven application to resolve all dependencies, including from parent poms and Maven BOMs. This is done using Maven to generate an '[effective-pom](https://maven.apache.org/plugins/maven-help-plugin/usage.html#The_help:effective-pom_Goal)' in which all dependencies and their...
This PR includes some fields required in SPDX 2.2. NOTE: one of the fixes is dependent on getting this upstream PR in: https://github.com/spdx/tools-golang/pull/223 Fixes: #2163
**What happened**: I ran Syft with `SYFT_JAVASCRIPT_SEARCH_REMOTE_LICENSES=true` and it logs out a warning it failed to fetch them **What you expected to happen**: To successfully fetch all licenses **Steps to...
Partially implements #661 This PR adds the following indications to the `file.Executable` object: - `hasEntrypoint` denotes if the binary is self-executable - `hasExports` denotes that the binary can be used...
**What would you like to be added**: I have a binary in Go, we will name it Alpha. Alpha includes another binary (I'm implementing it using go:embed) named Beta. So...