syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
This changes the entire flow of the contributing guide. Please consider this a first draft (it still needs more details). I tried to put the guide into a logical order...
**What happened**: Scanning the `almalinux:latest` image with various tools to compare the generated SBOM. At first sight Syft sounds better, as the total number of identified components was greater. But... making a...
**What happened**: No java executable was found when scanning docker image eclipse-temurin:11.0.14_9-jre-alpine **What you expected to happen**: syft should recognize executables even [when added via tar](https://github.com/adoptium/containers/blob/5a7c9b25bbca1cde27828e819f765614f7daf774/11/jdk/alpine/Dockerfile.releases.full) **How to reproduce it...
@henrysachs noted `lockFileVersion: 2` might include license information -- we should surface this (and also more correctly support v2 lock files): > Would it be possible to just take the...
This PR adds a hook in the `GenericCataloger` which allows post-processing such as searching for licenses, which is also used by the `javascript` lockfile cataloger to search for `package.json` files...
**What happened**: When running syft on a Singularity image containing an installation of Intel OneAPI the following error is encountered: ``` 2022/08/08 17:13:25 error during command execution: 1 error occurred:...
**What happened**: Getting an SBOM from a project results in an SPDX-JSON file with all licenses NONE. **What you expected to happen**: SPDX-JSON file with licenses concluded differently than NONE **How...
**What happened**: while scanning an image (harbor-repo.vmware.com/coe_repo/priority_portal:3.0) the python cataloger failed with error: ```unable to read python record file: record on line 27: wrong number of fields``` **What you expected...
**What happened**: I've tried to analyze the jenkins 2.346 image with syft and I got a lot of warnings which stated "unable to convert relationship from CycloneDX 1.4 JSON" and...
**What happened**: * Configured syft for anchore-engine upload * Scanned image * Scan result upload failed **What you expected to happen**: * Scan results uploaded to anchore engine **How to...