Alex Goodman
@hectorj2f I 100% agree with the observations on the `distro` section and how we could leverage reading of pURLs here to help (there could be a lot of overlap with...
...pong!

> [is] there another way to handle this by accepting multiple args in packages subcommand instead of introduce new merge command?

This is something we're interested in doing (see...
Hey! I'm highly interested in options here for integration between these two projects 👍 I want to start by framing some of the philosophies that Syft has today (and where they...
- schema: https://github.com/anchore/bom-import-tool/blob/master/anchore_bom_importer/data/bom-input-schema.json
- example: https://github.com/anchore/cisco-bom-importer/blob/master/example.json

Consider supporting yaml, toml, and json (with struct tags)
Consider using CycloneDX for the input format as well https://github.com/anchore/syft/issues/67
We should consider allowing this functionality to be downstream (outside) of syft. Syft is cataloging what was actually found, and if there is a modification to the output needed a...
Somewhat contradictory to the above comment, I think there is room for adding "exceptional" content in syft output via configuration. I think it matters how we do this. Such as...
We could simplify the functionality some to make the solution space more tractable; what if we only allowed for the addition of packages and maybe the removal of packages, but...
From refinement:
- We probably shouldn't call this "content hints"
- Possible implementation path: implement template output which would allow the user to add packages via the template

Note: this...
@jeff-cook today if you use the `json` output format (`-o` option) there are some catalogers that support populating the `licenses` field or a similar `metadata.licenses` field. We are continuing to...