Holger Freyther

Results 84 comments of Holger Freyther

Thank you for your reply and sorry for being late to the party. I have seen the design document and wanted to propose a more simple design for a narrower...

> @mattyclarkson I think we (at least I) missed the interaction with `unsafe`. Rereading the Go thread on this, `purego` disables: > > * ASM, which may require a C...

> The current setup for the build flags based on what is enabled in the `rules_go` target: > > `rules_go` `cgo = True` `cgo = False` > `pure = "on"`...

> Thanks @zecke for the contribution here! > > Is there an image or scan target you have that shows this change includes the new license for `grafana/tempo`. > >...

@spiffcs Any chance you can have a look at the change?

Thank you for your detailed response. > Are you asking if syft can take the binary, reverse engineer the package import graph for the main module, and then lookup the relevant...

https://github.com/zecke/syft/tree/zecke/go-package-license-match is a proof of concept. It imports/vendors the govulncheck extensions and uses them to get a list of Go packages and attempts to match a subpackage to the appropriate...

> I've added "needs discussion" to this issue so that we can discuss the UX and implementation for showing different licensing info for different Go packages within the same Syft...

> The correct combination of compilers here should be
>
> ```
> compilers = [
>     "@io_bazel_rules_go//proto:go_proto",
>     "@io_bazel_rules_go//proto:go_grpc_v2",
> ],
> ```

On paper the above mixes github.com/golang/protobuf...