
CLI tool and library for generating a Software Bill of Materials from container images and filesystems

Results 425 syft issues

Completing https://github.com/anchore/syft/issues/213 adds support for generating SPDX documents, however, there are several opportunities to expand upon what can be expressed in an SPDX document. For instance, we have a file...

enhancement

**What would you like to be added**: Add the ability to shell-out to known tools such as `go` and `mvn` in order to capture more accurate build-time dependency information. **Why...

enhancement
planning

The cast found at the identified line only works for "Tar" files and not .targz, etc... https://github.com/anchore/syft/blob/91d7a8a9923a64292f2ab634672951ab4983179b/syft/source/file_source.go#L243 I have a .targz file that has two files named the same thing...

bug

**What would you like to be added**: Hi, today when I have large image I sometimes create a .tar, and after that compress it as .gz in order to reduce...

enhancement

**Please provide a set of steps on how to reproduce the issue**

```bash
syft attest --key cosign.key ghcr.io/edgelesssys/constellation/joinservice:v2.6.0-pre.0.20230131140552-27cae81bd7bc@sha256:cd33aacb5733f6cb7c9d9694a8d6c5337c78e019274ea1d531e25114f86b537b -o cyclonedx-json
```

**What happened**: Syft fails with an error message that...

bug

**What happened**: When using Syft to produce an SPDX JSON document, it looks like it uses SPDXRef values in the list of `relationships` that don't map to any element in...

bug

**What would you like to be added**: In the current parse_package_json.go, the expected structure to parse includes just the keyword `author`: https://github.com/anchore/syft/blob/main/syft/pkg/cataloger/javascript/parse_package_json.go#L24 . However, there are plenty of packages that...

enhancement
good-first-issue

The CPEs that Syft emits for the binary version of OpenJDK versions appear to be incorrect. For our example of JDK 8 we will use the eclipse-temurin:8u392-b08-jdk image (the openjdk:8...

bug