buildkit-syft-scanner
BuildKit Syft scanner
Bumps [github.com/anchore/syft](https://github.com/anchore/syft) from 0.105.0 to 1.4.1. Release notes Sourced from github.com/anchore/syft's releases. v1.4.1 Bug Fixes Fix redundant package deletions when considering ELF packages [#2862 @wagoodman] (Full Changelog) v1.4.0 Added Features...
needs * ~https://github.com/docker/bake-action/pull/181~ * ~https://github.com/docker/metadata-action/pull/370~ Main purpose is to have a more accurate provenance when building the image (cc @tonistiigi).
Following up on #26, we should cover a wide variety of operating system images, language images, and application images: OS images: - Debian - Archlinux - Amazon linux - etc....
Currently, `buildkit-syft-scanner` generates only SPDX-JSON SBOMs. Would the maintainers be open to supporting other types of SBOMs (e.g., CYCLONEDX-JSON)?
I need a method to specify a cataloger using the buildkit. For example, with Syft, I can specify a cataloger like this: `syft --select-catalogers +sbom-cataloger` Currently, there is no way...
Bumps [github.com/anchore/syft](https://github.com/anchore/syft) from 0.105.0 to 1.7.0. Release notes Sourced from github.com/anchore/syft's releases. v1.7.0 Added Features index known CPEs for wordpress plugins and themes [#2963 @westonsteimel] Consider Author field for wordpress...
Cache `mode=max` slows down the build and is not really necessary for this target.