Distinguish OS package vs unofficial packages #2549
Labels
enhancement
New feature or request
planning
high level epic that should be broken into smaller tasks
Today syft does not distinguish between RPMs from the official distro provider vs RPMs that were curled and installed from unofficial sources. This is valuable to detect, and applies to multiple ecosystems, but the solution is not straightforward or obvious in all cases.
The ecosystems to cover should at least be all of the OS distros we support: