You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What would you like to be added: Many package specifications like Ruby Gems provide information regarding the files that belong to a package. This information is currently not present in the output from syft.
It seems that this information is very common among other package formats so that this could potentially mean a new field in the Package struct vs. just adding it to the metadata.
Either case, this is not present at all and is needed for the different analyzers that provide that information in Anchore Engine. For package types like Python, this might present a problem, where the egg parser looks at PKG-INFO which doesn't have access to files, although SOURCES.txt (within the same directory) has all the files for that package.
Why is this needed: Parity with Anchore Engine Analyzers, specifically related to this issue anchore/anchore-engine#629
Additional context:
The text was updated successfully, but these errors were encountered:
Agreed that we should capture this information; a better spot for it would be within the Package.Metadata field . Currently we do not have a equivalent Metadata type as we do with others (say dpkg), adding a new metadata type and housing the Files[] would be consistent with other catalogers and how data is persisted after parsing.
What would you like to be added: Many package specifications like Ruby Gems provide information regarding the files that belong to a package. This information is currently not present in the output from syft.
It seems that this information is very common among other package formats so that this could potentially mean a new field in the Package struct vs. just adding it to the metadata.
Either case, this is not present at all and is needed for the different analyzers that provide that information in Anchore Engine. For package types like Python, this might present a problem, where the egg parser looks at
PKG-INFO
which doesn't have access to files, althoughSOURCES.txt
(within the same directory) has all the files for that package.Why is this needed: Parity with Anchore Engine Analyzers, specifically related to this issue anchore/anchore-engine#629
Additional context:
The text was updated successfully, but these errors were encountered: