Keith Zantow
When outputting Tag Value format, [some elements like Files](https://github.com/spdx/tools-golang/blob/main/spdx/v2/v2_3/tagvalue/writer/save_document.go#L53-L66) are being sorted before being output, and these seem to be sorted by SPDXID. This causes a bit of a stability...
Previously, license handling in Golang had a few quirks and may not function if the go mod directory did not exist. This PR makes the following changes: * Separate local...
Syft should be able to include license information for packages it finds. Sometimes this information is present in the metadata on disk, other times it is only available by some...
Running `go get github.com/anchore/grype-db` fails because of files containing `:` characters in the `manager` Python directory tree. Adding the `go.mod` will cause this tree to be excluded from the top-level...
When running this action on Windows, we need to account for the `.exe` file suffix. Fixes: #313
**What would you like to be added**: The `--from` flag, analogous to Syft. **Why is this needed**: Parity with Syft. See: https://github.com/anchore/syft/issues/1783
Catalogers should not iterate over each file and match a glob, but rather use a find by glob. See: https://github.com/anchore/syft/blob/main/syft/pkg/cataloger/nix/cataloger.go#L37-L38
This PR adds information to the file model which allows surfacing "unknowns". Previously, when scanning a source, Syft runs a number of catalogers which create packages from the files found....
This PR removes even more of the makefile to rely on `go` itself to bootstrap downloading needed tools. It probably needs some work. You can try it out like this:...
**What would you like to be added**: Ability to distribute a ruleset separately from the Syft binary, which provides information to allow Syft to identify different pieces of software. **Why...