You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
With #843 (via #1038 ) now you can set the specific set of catalogers to run when generating an SBOM:
syft myimg:latest --catalogers go-mod-cataloger
# run the go.mod package cataloger
syft myimg:latest --catalogers python,ruby
# run ALL python and ruby catalogers
allow for cataloger labels which can be selected from and combined, e.g. python+installed would select any catalogers that are python-based and have the installed label.
expand the set of catalogers beyond packages and allow for any artifact cataloger (e.g. file-metadata, digests, etc...)
additive only option; something like syft ... --catalogers +file-metadata would use the default set of catalogers for the given input type and add file-metadata (today you can only set the entire list of catalogers, not append)
The text was updated successfully, but these errors were encountered:
#1383 is effectively implementing this, though there are differences:
allow for the user to configure named groups of catalogers
The PR organizes the catalogers with multiple tags, which multiple catalogers can use. This is used to group catalogers by a quality, ecosystem, and other ways. The --catalogers option now can select based on a cataloger name or tag.
allow for cataloger labels which can be selected from and combined
intersection syntax has changed from python+installed to python&installed to differentiate set operations suggested in #1731 , where + is already used to represent a union. There was a way to still use + for both union and intersection but would prefer to not overload a single operation to mean multiple things.
expand the set of catalogers beyond packages and allow for any artifact cataloger
The file based catalogers cannot be selected in this way, instead they are enabled when there is a valid file selection in the configuration, or with the inclusion of file digest algorithms in the configuration. All package catalogers have a packages tag already in anticipation of other kinds of catalogers in the future (as this causes no harm)
With #843 (via #1038 ) now you can set the specific set of catalogers to run when generating an SBOM:
This is a huge step forward!
Here are the next steps that could be next:
python+installed
would select any catalogers that arepython
-based and have theinstalled
label.syft ... --catalogers +file-metadata
would use the default set of catalogers for the given input type and add file-metadata (today you can only set the entire list of catalogers, not append)The text was updated successfully, but these errors were encountered: