syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

Results 425 syft issues

**What happened** Outputting a CycloneDX SBOM does not pick up the sole dependency's licence in its output. **What you expected to happen**: Given I can see the dependency inside `node_modules`...

bug
enhancement

**What would you like to be added**: - `--output` -> `--format` - `--file` -> `--output` * Formats: `syft-json cyclonedx-xml cyclonedx-json github github-json spdx-tag-value spdx-json table text` * Output: `file to...

enhancement

## 📝 Description Not a great solution, but it at least removes these false flagging events and matches the current practices of manual vendor/product additions by adding support for manual...

**What would you like to be added**: In https://github.com/anchore/syft/pull/649, https://github.com/anchore/syft/blob/main/internal/formats/common/spdxhelpers/document_name.go#L26 was introduced which replaces `:` with `-` in namespaces. This impacts the output name of docker SPDX. Ideally these docker...

enhancement

Capability to scan single packages would be great. syft can already generate a catalogue of packages from an image or a directory: I assume that scanning only a package then...

enhancement

**What would you like to be added**: As the Syft JSON schema evolves, ensure that non-reproducible fields are optional so that users can generate spec-compliant SBOMs that are reproducible. **Why...

discussion

It would be ideal to be able to identify and catalog [Nix](https://nixos.org/) packages.

enhancement
good first issue

**What would you like to be added**: When generating (and especially uploading) an SBOM I want to collect meta-data about where the command was run, who ran it, or other...

enhancement

**What would you like to be added**: Currently syft parses only `.md5sums` and `.conffiles`. There are also `.list` files which appear to track more files. Here is an example: ```...

enhancement
good first issue
ecosystem:os

When I use syft with option packages, the --exclude argument seems to be ignored. The output tells me that there is a problem accessing a zip file in %APPDATA%/Local/Temp/2/syft-archive-contents-......

bug
windows