syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
When running syft with command line args for verbosity the command fails if the configuration is set
**What happened**: When running `syft -vv alpine:latest` an error will occur if the configuration file is also set for verbosity. **What you expected to happen**: No error for syft to...
This issue is meant to be a spot to host discussion on a couple of related topics: - should syft **gather** information from external sources (e.g. maven.org, pypi.org, rubygems.org, etc.)...
**What would you like to be added**: It would be nice to be able to run Syft on a Dockerfile. **Why is this needed**: **Additional context**: Tern allows this.
**What happened**: Scanning the same image leads to different results depending on the output format. | Type | Components | cpe | purl | Versions | Licenses | Notes |...
**What would you like to be added**: Currently syft's root and packages commands produce the same `package` specific output: `syft packages node:latest > /dev/null` `syft node:latest > /dev/null` ![Screen...
**What would you like to be added**: Currently file metadata includes permissions and ownership, however extended attributes are not included. **Why is this needed**: Extended attributes can be crucial in...
Signed-off-by: Batuhan Apaydın cc: @wagoodman
**What would you like to be added**: I am requesting to be added to Syft, as an option, a config option or flag to disable pURL namespaces for deb and...
**What happened**: Software packages installed in C:\ProgramData hidden directory on Windows are not included in SBOM. **What you expected to happen**: All software packages installed on Windows should be included...