Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feature: license detection by layer #43

Open
spiffcs opened this issue Feb 5, 2024 · 0 comments
Open

feature: license detection by layer #43

spiffcs opened this issue Feb 5, 2024 · 0 comments
Labels
feat New feature or request syft updates needed in syft for completion

Comments

@spiffcs
Copy link
Collaborator

spiffcs commented Feb 5, 2024

Grant consumes syft as it's default SBOM generator when users don't bring their own bill of material.

Syft has an open issue which would enhance the scoping selections anchore/syft#15. Completing this issue would allow grant to then provide users the option to do analysis for different layers of an image.

This is useful for when users want to do analysis on the software they're adding while excluding packages from the base layer. If an organization or user has already done analysis against the base image than they might only be concerned with a cross section of the container for license compliance.
@spiffcs spiffcs added feat New feature or request syft updates needed in syft for completion labels Feb 5, 2024
@wagoodman wagoodman added this to OSS Feb 7, 2024
@wagoodman wagoodman moved this to Backlog in OSS Feb 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feat New feature or request syft updates needed in syft for completion
Projects
OSS
Status: Backlog
Milestone
No milestone
Development

No branches or pull requests
1 participant
@spiffcs