syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
**What would you like to be added**: When attempting to decode Syft JSON (or other formats), error messages do not show at what line/character an error occurred, making it very difficult...
Can not have license ID Exec Command : ``` syft packages sonatype/nexus3 -o cyclonedx-json ``` But can not have license id : ```json "licenses": [ { "license": { "name": "http://www.apache.org/licenses/LICENSE-2.0.txt"...
**What would you like to be added**: Add the check against: https://docs.clearlydefined.io/get-involved or a link to the corresponding artifact **Why is this needed**: To improve the Data and maybe check...
This PR adds an appropriate vendor for `dnsmasq` for APK and DPKG. Partially fixes #2636
**What happened**: syft+grype do not detect a vulnerable version of dnsmasq on an OpenWRT device. **What you expected to happen**: One of the reasons could be that syft builds the...
**What would you like to be added**: Proper handling for non-distro dpkg entries. These entries need to be identified separately from other dpkg entries, as they did not originate from...
**What would you like to be added**: Detect wordpress **Why is this needed**: Syft does not detect wordpress. ``` $ syft wordpress | grep wordpress ✔ Loaded image wordpress:latest ✔...
Today syft does not distinguish between RPMs from the official distro provider vs RPMs that were curled and installed from unofficial sources. This is valuable to detect, and applies to...
**What happened**: Using syft latest version 0.105.0, when running syft catalogers list I get the table and there are 19 catalogers containing the image tag alpm-db-cataloger binary-cataloger cargo-auditable-binary-cataloger conan-info-cataloger dotnet-portable-executable-cataloger...
Adds a `squashed-with-all-layers` resolver which acts like the squashed resolver with the additional behavior of returning instances of the path found in all other layers. This, combined with additional changes...