Alex Goodman
One thing that I feel is unanswered is should we be looking at exclusively the relationships and package types? Or should there be more to match on in order to...
agreed that a specific approach would be needed (we can look for partial matches or similarity). The higher level question is should we be trying to determine if the binary...
Thanks @tommyknows for your thoughts! I've been starting to get some of these changes in recently with #1383 (just part of this issue) so good timing! > I find the...
@luhring I've got some draft code that we could talk through conceptually (with some options not entirely figured yet)... think of this as a conversation starter (with a couple more...
For anyone picking this up, it sounds like this would be a good fit for cataloging directories which look for declarations of packages and not container images which look for...
I think we can leave language as blank / unknown in these circumstances -- the cataloger is more valuable than resolving the language from the pURL IMHO. I can help...
The main changes I made were: - Split the cataloger into `erlang` and `elixir`. The conflict for parsing the language from the pURL has been kicked down the road. -...
I think the parser needs a few details still ironed out: - Are versions always guaranteed to be the last `-` delimited field? What if the version is a `-`?...
> ...We could special-case common output names (bin, lib, dev). That's probably the right way to go. We can adjust as we find exceptions in the future too. > [the...
> This requires the build system the container was built with to be around at the time of invoking syft... That distinction makes sense. Ultimately, I'm alright with not including...