You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What would you like to be added:
The ability to enable or disable individual catalogers.
Why is this needed:
Today Syft has two different default lists of catalogers: one for image scans and one for directory scans. These have some overlap, but also result in certain catalogers not being run in certain contexts. Syft also has the ability to specify all the catalogers using the catalogers: yaml option, SYFT_CATALOGERS env var, and --catalogers command-line flag, but this requires the user to know all the catalogers they want to run. If a user sets this and Syft adds more catalogers, these do not get run until the user updates the Syft config/invocation they are using.
Additional context:
I believe it's at least as useful to be able to be able to explicitly disable a cataloger (for example, one causing a problem) or enable a cataloger that isn't part of the default set.
My current proposal is to update the --catalogers flag and other configurations to allow each cataloger to be prefixed by a + or -, which would enable and disable the cataloger, respectively. If all catalogers specified in the configuration are additions or removals, the default set of catalogers is used for the scan while having the set supplemented by the + additions and the - entries removed.
This should make configuration significantly easier for a large number of use cases.
The text was updated successfully, but these errors were encountered:
+1. My use-case is doing image scanning, but I want to enable the package-lock cataloger instead of just package. I don't really want to track an entire set of catalogers, when new ones may be added in the future that are useful to me.
What would you like to be added:
The ability to enable or disable individual catalogers.
Why is this needed:
Today Syft has two different default lists of catalogers: one for image scans and one for directory scans. These have some overlap, but also result in certain catalogers not being run in certain contexts. Syft also has the ability to specify all the catalogers using the
catalogers:
yaml option,SYFT_CATALOGERS
env var, and--catalogers
command-line flag, but this requires the user to know all the catalogers they want to run. If a user sets this and Syft adds more catalogers, these do not get run until the user updates the Syft config/invocation they are using.Additional context:
I believe it's at least as useful to be able to be able to explicitly disable a cataloger (for example, one causing a problem) or enable a cataloger that isn't part of the default set.
My current proposal is to update the
--catalogers
flag and other configurations to allow each cataloger to be prefixed by a+
or-
, which would enable and disable the cataloger, respectively. If all catalogers specified in the configuration are additions or removals, the default set of catalogers is used for the scan while having the set supplemented by the+
additions and the-
entries removed.This should make configuration significantly easier for a large number of use cases.
The text was updated successfully, but these errors were encountered: