syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
_This idea came from @samj1912 on a recent community meeting as well as a previous prototype._ Today we've started adding the ability to encode and decode from any SBOM format....
Derived from https://github.com/anchore/grype/issues/525 , syft errors out on analysis when an RPMDB cannot be parsed: ``` ✔ Vulnerability DB [no update available] New version of grype is available: 0.27.0 ✔...
Today we have a release process that is relatively simple: push a tag, a team member needs to approve, the pipeline runs, and there is a draft release ready for...
**What happened**: I was trying to convert the JSON format of the v0.3.0 SBOM to the tag-value format. The tool I was using reported multiple non-unique SPDXID package IDs and...
**What would you like to be added**: when pip packages are installed from non-default pip indices (PyPI), we should store the pip repository URL in the SBOM **Why is...
Stumbled upon a bug similar to the one described in #466. In my case, it happens when scanning a Docker image with a couple of JAR files where one of...
**What happened**: I get an error when I attempt to source the generated Bash shell completions: ```bash $ source
**What would you like to be added**: Support for cataloging [R](https://www.r-project.org/) packages. The package metadata spec is at https://r-pkgs.org/description.html#description and the package url spec is at https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst#cran **Why is this...
Hi all! **What would you like to be added**: Conda ecosystem (language agnostic) support **Why is this needed**: The conda ecosystem provides an amazing way to work with dependencies in...
It would be great if Syft captured some global information from apk while analyzing Alpine images/systems in order to provide a fuller picture of apk-based software installations. And specifically, if...