Christopher Angelo Phillips
Christopher Angelo Phillips
Hey @tomersein! We talked about this on our livestream the other day. We're moving forward with FullText field being added to the license struct. What do you think is the...
we're working on fixing the current code to match the latest linter updates for new golangci-lint
I've tracked down a couple data sources syft could use to identify non SPDX licenses - currently looking at ways to incorporate these to the licenses identification when generating the...
Reopening this as #3412 and #3876 don't solve this for all cases. Now that both of those are in we need a more precise change that addresses this for the...
@KratochvilLukas I've added the needs investigation into this since it will probably go into our greater effort for enhancing syft with external data sources when the content of the original...
Thanks for the easy reproduce and bug report @scom-technology-operations! I've picked this up and will get a fix added for our next release.
👋 thanks for the issue @duranjesus I reproduced this and agree that both the `syft.json` and `spdx` formats output should be more expressive. Currently we illustrate one direction on the...
We talked about this on our live stream - https://www.youtube.com/watch?v=m0wG_LQUhPo Short Version: For this cataloger we're going to move away from contains and add in the bidirectional graph of adding...
Just to add some supporting evidence for this issue: https://spdx.github.io/spdx-spec/v2.3/package-information/#724-primary-package-purpose-field The package information in v2.3 allows for formats that identify the primary package purpose: ``` APPLICATION | FRAMEWORK | LIBRARY...
Thanks for the issue @dsseng! Let's start from the top and work our way down. For those coming to this issue the `sbomObject.Artifacts.FileDigests` can be found here: https://github.com/anchore/syft/blob/181e180284ea0ed2458e92f06279cd4184ce2053/syft/sbom/sbom.go#L15-L25 #### The...