syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
It would be useful to catalog NuGet packages. We should consider deriving this information from one or more sources: - `packages.lock.json` which has pinned dependencies listed - `.nuspec` which contains...
We're planning to scan our docker images with syft and providing the result via cyclonedx SBOM to dependency-track. Our images include manually added zips of jdk and tomcat. Syft detects...
**What would you like to be added**: syft should add support for asdf. asdf is a generic package manager that can be used to install various tools. See https://github.com/asdf-vm/asdf **Why...
**What would you like to be added**: **Why is this needed**: ArtifactHub has a new feature called Container images repositories. I would like to add Syft container image to ArtifactHub...
**What happened**: I am trying to generate sbom for my gradle project. I noticed that **PackageLicenseDeclared** is NONE for all packages. However, the licence information is available in the packages....
syft should be aware of user-specified content files, which can override or add additional known packages to a catalog. This should be in feature parity with https://github.com/anchore/enterprise/issues/185
**What happened**: Running `syft photon:3.0 -o spdx` the `PackageLicenseDeclared` for all packages is listed as `NONE`. According to the SPDX spec, however, `NONE` should only be used if "the package...
**What happened**: panic: runtime error: index out of range [0] with length 0 when dealing with files without extension. **What you expected to happen**: Support when file has no extension?...
Signed-off-by: Batuhan Apaydın
**What happened**: As a developer not knowing Go I want to build an image (in my case I want to try out https://github.com/patrikbeno/syft/tree/sbom-cataloger). I just want to run `docker build...