syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
A flag that would include the layerID the package first showed up in. When tracking down a package (maybe b/c it has vulnerabilities or I'm not sure why it's in...
**What would you like to be added**: we could toy with changing the version to be in the format of v0.0.0-- if we could derive the date correctly from the...
**What would you like to be added**: The ability to read entire file contents (or just the top X bytes of the file) and classify the contents as a particular...
**What would you like to be added**: The ability to identify SPDX license identifiers from individual files, such as: ```golang /* SPDX-License-Identifier: GPL-3.0-or-later */ package main import "fmt" func main()...
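The two requests above (read the head of a file and classify it; pull SPDX identifiers out of individual files) share one mechanism: bound the read to a prefix, find the `SPDX-License-Identifier:` tag, and split the license expression into identifiers. The following is an added illustration of that mechanism, written for this page and not code from the syft project; the 4096-byte prefix, the binary-content heuristic and the comment-closer list are assumptions chosen here, and the sample source header is constructed to mirror the one in the issue.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"io"
	"os"
	"regexp"
	"strings"
)

// maxHeaderBytes bounds how much of each file is read (an assumption for this
// example): license tags live at the top of a file, so reading only a prefix
// keeps the scan cheap on large blobs.
const maxHeaderBytes = 4096

// spdxTag matches the SPDX/REUSE file tag. The value is a license expression,
// so it may contain operators ("AND", "OR", "WITH"), parentheses and "+".
var spdxTag = regexp.MustCompile(`SPDX-License-Identifier:\s*([^\r\n]+)`)

// exprToken matches one identifier inside an expression,
// e.g. "GPL-3.0-or-later", "Apache-2.0", "Classpath-exception-2.0".
var exprToken = regexp.MustCompile(`[A-Za-z0-9][A-Za-z0-9.+-]*`)

var exprKeywords = map[string]bool{"AND": true, "OR": true, "WITH": true}

// ScanSPDX reads at most maxHeaderBytes from r and returns every license
// expression declared with an SPDX-License-Identifier tag, in file order.
func ScanSPDX(r io.Reader) ([]string, error) {
	head, err := io.ReadAll(io.LimitReader(r, maxHeaderBytes))
	if err != nil {
		return nil, err
	}
	// Heuristic: a NUL byte in the prefix means binary content; a tag that
	// happens to sit inside a compiled blob is not a declared license.
	if bytes.IndexByte(head, 0) >= 0 {
		return nil, nil
	}
	var exprs []string
	sc := bufio.NewScanner(bytes.NewReader(head))
	for sc.Scan() {
		m := spdxTag.FindStringSubmatch(sc.Text())
		if m == nil {
			continue
		}
		expr := strings.TrimSpace(m[1])
		// Strip trailing comment terminators such as "*/" or "-->".
		for _, closer := range []string{"*/", "-->", "#>"} {
			expr = strings.TrimSpace(strings.TrimSuffix(expr, closer))
		}
		exprs = append(exprs, expr)
	}
	return exprs, sc.Err()
}

// Identifiers splits an SPDX expression into its bare license/exception IDs,
// dropping the AND/OR/WITH operators.
func Identifiers(expr string) []string {
	var ids []string
	for _, tok := range exprToken.FindAllString(expr, -1) {
		if !exprKeywords[strings.ToUpper(tok)] {
			ids = append(ids, tok)
		}
	}
	return ids
}

func main() {
	// Constructed sample header mirroring the one in the issue.
	sample := "/* SPDX-License-Identifier: GPL-3.0-or-later */\npackage main\n\nimport \"fmt\"\n"
	exprs, err := ScanSPDX(strings.NewReader(sample))
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	for _, e := range exprs {
		fmt.Printf("expression %q -> ids %v\n", e, Identifiers(e))
	}
	// Any paths given on the command line are scanned the same way.
	for _, path := range os.Args[1:] {
		f, err := os.Open(path)
		if err != nil {
			fmt.Fprintln(os.Stderr, err)
			continue
		}
		found, err := ScanSPDX(f)
		f.Close()
		if err != nil {
			fmt.Fprintln(os.Stderr, err)
			continue
		}
		fmt.Printf("%s: %v\n", path, found)
	}
}
```

Run it with `go run main.go path/to/file.go` to scan real files. Keeping the expression intact and splitting it separately matters: `(MIT OR Apache-2.0)` is a choice, not two licenses, and a cataloger that records only the bare identifiers loses that distinction.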
**What would you like to be added**: Output to include license for each package. **Why is this needed**: Anchore inline scan includes the license for each package. Having this would...
**What would you like to be added**: The ability to list the specific shared lib dependencies for a binary. For example: ``` $ readelf -d ./partx Dynamic section at offset...
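As an added example for the request above (not syft's code), the dependency list a cataloger would want from an ELF binary can be obtained two ways: directly from the dynamic section with Go's standard `debug/elf` package, or by parsing the text that `readelf -d` prints. Both are shown below together with a check a practitioner would want alongside the list: RPATH/RUNPATH entries that are empty or relative resolve against the current directory, which is the classic library-substitution weakness. The `readelf` output embedded here is constructed to resemble the snippet in the issue, not a real capture of `partx`; the `DynamicDeps` type and `UnsafeSearchPaths` policy are assumptions of this example.

```go
package main

import (
	"bufio"
	"debug/elf"
	"fmt"
	"os"
	"regexp"
	"strings"
)

// DynamicDeps is what a cataloger would record for one ELF binary (a type
// assumed for this example): the libraries the loader must resolve, plus any
// embedded search paths, which decide where those libraries are looked up.
type DynamicDeps struct {
	Needed  []string
	RPath   []string
	RunPath []string
}

// FromELF reads the dynamic section directly with the standard library.
// DynString returns nil without error when the binary has no dynamic section.
func FromELF(path string) (DynamicDeps, error) {
	f, err := elf.Open(path)
	if err != nil {
		return DynamicDeps{}, err
	}
	defer f.Close()
	var d DynamicDeps
	if d.Needed, err = f.ImportedLibraries(); err != nil {
		return d, err
	}
	if d.RPath, err = f.DynString(elf.DT_RPATH); err != nil {
		return d, err
	}
	if d.RunPath, err = f.DynString(elf.DT_RUNPATH); err != nil {
		return d, err
	}
	return d, nil
}

// readelfEntry matches the `readelf -d` lines of interest, e.g.
//  0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
//  0x000000000000001d (RUNPATH)            Library runpath: [$ORIGIN/../lib]
var readelfEntry = regexp.MustCompile(`^\s*0x[0-9a-fA-F]+\s+\((NEEDED|RPATH|RUNPATH)\)\s+.*\[(.*)\]\s*$`)

// FromReadelf parses captured `readelf -d` output; RPATH/RUNPATH values are
// colon-separated search lists and are split into their entries.
func FromReadelf(output string) DynamicDeps {
	var d DynamicDeps
	sc := bufio.NewScanner(strings.NewReader(output))
	for sc.Scan() {
		m := readelfEntry.FindStringSubmatch(sc.Text())
		if m == nil {
			continue
		}
		switch m[1] {
		case "NEEDED":
			d.Needed = append(d.Needed, m[2])
		case "RPATH":
			d.RPath = append(d.RPath, strings.Split(m[2], ":")...)
		case "RUNPATH":
			d.RunPath = append(d.RunPath, strings.Split(m[2], ":")...)
		}
	}
	return d
}

// UnsafeSearchPaths returns RPATH/RUNPATH entries that are empty or relative
// (neither absolute nor $ORIGIN-based); the loader resolves those against the
// process's working directory, so a planted .so there is loaded instead.
func UnsafeSearchPaths(d DynamicDeps) []string {
	var bad []string
	paths := append(append([]string{}, d.RPath...), d.RunPath...)
	for _, p := range paths {
		if p == "" || (!strings.HasPrefix(p, "/") && !strings.HasPrefix(p, "$ORIGIN")) {
			bad = append(bad, p)
		}
	}
	return bad
}

// sampleReadelf is constructed output in the shape of `readelf -d ./partx`;
// the trailing colon in the RUNPATH list deliberately yields an empty entry.
const sampleReadelf = `
Dynamic section at offset 0x1d8 contains 27 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libblkid.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000001d (RUNPATH)            Library runpath: [$ORIGIN/../lib:]
 0x000000000000000c (INIT)               0x2000
`

func main() {
	d := FromReadelf(sampleReadelf)
	fmt.Printf("needed=%v runpath=%q unsafe=%q\n", d.Needed, d.RunPath, UnsafeSearchPaths(d))
	for _, path := range os.Args[1:] {
		real, err := FromELF(path)
		if err != nil {
			fmt.Fprintln(os.Stderr, path, err)
			continue
		}
		fmt.Printf("%s: needed=%v rpath=%v runpath=%v unsafe=%q\n",
			path, real.Needed, real.RPath, real.RunPath, UnsafeSearchPaths(real))
	}
}
```

`go run main.go /usr/bin/partx` (or any dynamically linked ELF) exercises the `debug/elf` path; the parser is for the case where only captured `readelf` text is available.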
Cataloger objects are the foundation of how syft understands how to parse sources, discover files, and reveal packages. We should add explicit documentation in a `DEVELOPING.md` guide on the high...
CPE should be: `cpe:2.3:a:redis.js:redis:*:*:*:*:*:node.js:*:*` Vulnerability example for this CPE: https://nvd.nist.gov/vuln/detail/CVE-2021-29469 For more context (internal link): https://anchore.slack.com/archives/C1DMGFP3J/p1620774479360500
Add the following user scope selections:
- Hidden Scope: `all layers - squashed`
- User Scope: `all layers - base layer`
- User Squashed Scope: `squashed - base layer`
- ...
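The scope selections above and the earlier request for the layer a package first showed up in are both set operations over an ordered list of layers, so one added example covers both. It is illustration written for this page, not syft's implementation: layers are modelled as the packages they add plus the packages whose files they delete (whiteouts), which is what makes "all layers" differ from "squashed"; the `Layer`/`Scope` types, the sample layer IDs and the package names are constructed for the example.

```go
package main

import (
	"fmt"
	"sort"
)

// Layer is one ordered image layer: the packages it installs and the
// packages whose files it deletes (a later "apk del"/"rm -rf" in the
// Dockerfile). Types and sample data are assumptions of this example.
type Layer struct {
	ID      string
	Added   []string
	Removed []string
}

// Scope is a set of package names.
type Scope map[string]struct{}

// Sorted returns the members in a stable order for display and comparison.
func (s Scope) Sorted() []string {
	out := make([]string, 0, len(s))
	for p := range s {
		out = append(out, p)
	}
	sort.Strings(out)
	return out
}

// difference returns a - b.
func difference(a, b Scope) Scope {
	out := Scope{}
	for p := range a {
		if _, inB := b[p]; !inB {
			out[p] = struct{}{}
		}
	}
	return out
}

// Analyze walks the layers in order and returns:
//   firstSeen: layer ID in which each package first appeared (the flag asked
//              for in the first issue; unchanged if a package is removed and
//              re-added later),
//   all:       every package that appeared in any layer,
//   squashed:  packages still present after all layers are applied,
//   base:      packages introduced by the first layer.
func Analyze(layers []Layer) (firstSeen map[string]string, all, squashed, base Scope) {
	firstSeen = map[string]string{}
	all, squashed, base = Scope{}, Scope{}, Scope{}
	for i, l := range layers {
		for _, p := range l.Removed {
			delete(squashed, p)
		}
		for _, p := range l.Added {
			all[p] = struct{}{}
			squashed[p] = struct{}{}
			if _, seen := firstSeen[p]; !seen {
				firstSeen[p] = l.ID
			}
			if i == 0 {
				base[p] = struct{}{}
			}
		}
	}
	return firstSeen, all, squashed, base
}

// Selections computes the three scope selections named in the issue.
func Selections(layers []Layer) map[string][]string {
	_, all, squashed, base := Analyze(layers)
	return map[string][]string{
		"all layers - squashed":   difference(all, squashed).Sorted(),
		"all layers - base layer": difference(all, base).Sorted(),
		"squashed - base layer":   difference(squashed, base).Sorted(),
	}
}

// sampleLayers is a constructed three-layer image: a base, a build stage that
// pulls in a compiler and headers, and a final layer that removes them again.
var sampleLayers = []Layer{
	{ID: "layer-0", Added: []string{"musl", "busybox", "apk-tools"}},
	{ID: "layer-1", Added: []string{"build-base", "openssl-dev", "curl"}},
	{ID: "layer-2", Added: []string{"ca-certificates"}, Removed: []string{"build-base", "openssl-dev"}},
}

func main() {
	firstSeen, _, _, _ := Analyze(sampleLayers)
	for _, p := range (Scope{"build-base": {}, "curl": {}, "ca-certificates": {}}).Sorted() {
		fmt.Printf("%-16s first seen in %s\n", p, firstSeen[p])
	}
	for name, pkgs := range Selections(sampleLayers) {
		fmt.Printf("%-24s %v\n", name, pkgs)
	}
}
```

The "all layers - squashed" selection is the security-relevant one: `build-base` and `openssl-dev` are absent from the running container's filesystem yet still ship in the image's layers, so a scanner that only looks at the squashed view will not report them while a vulnerability in either is still present in the artifact that gets pulled.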
Today the package catalogers expose some file information from the cataloging source, not directly about the file on disk (e.g. indirect file metadata from the RPM DB, not metadata gotten...