Keith Zantow

103 issues of Keith Zantow

This PR adds a starter workflow using the [Anchore scan-action](https://github.com/anchore/sbom-action), which provides dependency scanning of containers and directories using the [Anchore Syft tool](https://github.com/anchore/syft). This workflow also uploads to the results...

code-scanning

We should revert [lowering the "no OS distribution found" message to debug](https://github.com/anchore/grype/pull/741/files#diff-ab967ab1a2f3a1b769106eeb7bfe892ef0e81d1d27811fa15be08e6749feee1fL376-R377), but change the logic to only show this when we have OS packages _without_ an OS distribution. The...

enhancement

**What would you like to be added**: Add a `Syft JSON version` or something similar to the `grype version` output. **Why is this needed**: In order to understand which Syft...

enhancement

With the addition of the `--distro` flag, it would be nice if a user could know exactly what values they should be using for this without having to somehow inspect...

enhancement

@henrysachs noted `lockFileVersion: 2` might include license information -- we should surface this (and also more correctly support v2 lock files): > Would it be possible to just take the...

This PR adds a hook in the `GenericCataloger` which allows post-processing such as searching for licenses, which is also used by the `javascript` lockfile cataloger to search for `package.json` files...

A user can currently upload the generated SARIF report by adding an additional step in their workflow using the [upload-sarif](https://github.com/github/codeql-action/tree/main/upload-sarif) action from `codeql-action`. It might be nice if this happens...

enhancement

[This PR](https://github.com/anchore/scan-action/pull/94) was opened for the use case of continuing on failure to check an exit code later. But there is already a way to do this with GitHub Actions,...

documentation
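The two points above (uploading the generated SARIF with `upload-sarif`, and checking the scan result later instead of aborting the job) can be combined in a single workflow. The following is an added example, not a workflow from the anchore/scan-action repository or its documentation; the input and output names used (`image`, `fail-build`, `severity-cutoff`, `steps.scan.outputs.sarif`, `upload-sarif`'s `sarif_file`) and the pinned action versions are assumptions to be checked against the README of the release you actually use.

```yaml
# Added example workflow (not the project's own): scan an image with
# anchore/scan-action, keep the job running when the scan fails the build,
# upload the SARIF report to code scanning, and only then fail the job.
# Assumed inputs/outputs: image, fail-build, severity-cutoff, outputs.sarif,
# and upload-sarif's sarif_file. Verify against the versions you pin.
name: anchore-scan
on: [push, pull_request]

permissions:
  contents: read
  security-events: write   # needed by upload-sarif to write code-scanning alerts

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Build image
        run: docker build -t localbuild/testimage:latest .

      - name: Scan image
        id: scan
        uses: anchore/scan-action@v3
        with:
          image: localbuild/testimage:latest
          fail-build: true
          severity-cutoff: high
        # Built-in GitHub Actions mechanism: the step's failure is recorded in
        # steps.scan.outcome instead of stopping the job, so the SARIF upload
        # below still runs.
        continue-on-error: true

      - name: Upload SARIF to code scanning
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: ${{ steps.scan.outputs.sarif }}

      - name: Fail the job if the scan failed
        # outcome is the step's result before continue-on-error is applied
        if: steps.scan.outcome == 'failure'
        run: |
          echo "scan-action found vulnerabilities at or above the severity cutoff"
          exit 1
```

`steps.<id>.outcome` holds the step's own result (`success`, `failure`, `cancelled`, `skipped`) before `continue-on-error` is applied, whereas `steps.<id>.conclusion` is the result after it, so the final gate must use `outcome`. Ordering the upload before the gate means the alerts reach the Security tab even on a failing scan.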

[GitHub](https://github.com/actions) has [re]-written [many](https://github.com/actions/setup-go) [of](https://github.com/actions/setup-node) [their](https://github.com/actions/toolkit) [actions](https://github.com/actions/starter-workflows) in TypeScript and also provides a [GitHub action TypeScript template](https://github.com/actions/typescript-action). [We should also be using TypeScript](https://www.typescriptlang.org/why-create-typescript). Also, there was some work done for...

enhancement