syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

Results 425 syft issues

ELF security feature detection was added in https://github.com/anchore/syft/pull/2443. It would be nice to also add this same kind of feature but for Windows (PE formatted binaries). Proposed features to...

enhancement
binary-analysis

ELF security feature detection was added in https://github.com/anchore/syft/pull/2443. It would be nice to also add this same kind of feature but for Darwin (Mach-O formatted binaries). Proposed features to...

enhancement
binary-analysis

**What would you like to be added**: ELF security feature detection is being added in https://github.com/anchore/syft/pull/2443. What was carved off of this work was being able to detect [selfrando](https://github.com/runsafesecurity/selfrando/blob/master/docs/linux-build-instructions.md)...

enhancement
binary-analysis

This topic has come up in a few different places, in the community meeting and in conversations with @nurmi and @westonsteimel ... so I wanted to capture some of those...

enhancement
binary-analysis
new-cataloger

Add support for PHP PECL and PEAR extensions: https://pecl.php.net/

json-schema

SPDX has the concept of relationships that can be applied to packages, files, or other artifacts. This issue aims to explore what existing metadata can be expressed via SPDX relationships...

enhancement
blocked
format:spdx

It would be ideal if the output SBOM of syft included a description of what is in scope and out of scope as clearly as possible. This includes (but not...

enhancement

**What happened**: When trying to scan a folder that contains a jar, Syft is creating a package of that jar without versionInfo. An example can be found here: https://github.com/google/tink/tree/master/java_src/examples/android/helloworld/gradle/wrapper It...

bug

**What happened**: In the case of scanning a Go project with a go.mod file with a replace statement, e.g. [here](https://github.com/golang/tools/blob/master/gopls/go.mod). It is supposed to recursively resolve to [this file](https://github.com/golang/tools/blob/master/go.mod). But it...

bug
ecosystem:go

**What would you like to be added**: The *supplier* field to SBOMs, in order to conform to the NTIA minimum SBOM requirements. **Why is this needed**: Syft should generate SBOMs...

enhancement