Add a Files field in the Package struct

[alfredodeza]

What would you like to be added: Many package specifications like Ruby Gems provide information regarding the files that belong to a package. This information is currently not present in the output from syft.

It seems that this information is very common among other package formats so that this could potentially mean a new field in the Package struct vs. just adding it to the metadata.

Either case, this is not present at all and is needed for the different analyzers that provide that information in Anchore Engine. For package types like Python, this might present a problem, where the egg parser looks at PKG-INFO which doesn't have access to files, although SOURCES.txt (within the same directory) has all the files for that package.

Why is this needed: Parity with Anchore Engine Analyzers, specifically related to this issue anchore/anchore-engine#629

Additional context:

[wagoodman]

Agreed that we should capture this information; a better spot for it would be within the Package.Metadata field . Currently we do not have a equivalent Metadata type as we do with others (say dpkg), adding a new metadata type and housing the Files[] would be consistent with other catalogers and how data is persisted after parsing.

[luhring]

It seems like this has been addressed by now (specifically, with Alex's suggestion of using a field within Metadata).

Closing, but let me know if I've overlooked something that hasn't actually been addressed yet.