Detect Python components from Linux containers

Open tofay opened this issue 3 years ago • 0 comments

Azure for Operators have many small teams producing Linux container images and sharing them with other teams. We want the consuming teams to be registering the components from those container images with Component Governance, in order for the consuming team to meet various OSS requirements.

To that end, we need component-detection to detect more component types in Linux containers than just OS packages.

This PR adds support for Python package detection in containers, as that is a) used by our teams and b) supported by syft and component-detection. I expect we'll want to add more non-Linux types in future (e.g. Java, Ruby gems).

Are you ok with this approach? Should I put this behind a feature flag initially that we can enable in Azure for Operators? I'll update the docs/readme after we've decided these.

tofay, Jul 27 '22 13:07