Run Grype scan of files given from text file containing filelist #562
Comments
|
This seems to highly related to anchore/syft#562 (we try to keep syft and grype aligned in how you express similar actions on the CLI, which is why I'm roping in a syft issue here), where we want to be able to specify multiple inputs (whether they are files, directories, images, etc), and not just a single input. The current proposal is that this gets surfaced through the CLI as a list of arguments, so for grype: or by application configuration (TBD on final syntax): input:
- ./path/to/file1
- ./path/to/file2This would allow for more interesting configurations here too, such as mixing of source types: |
spiffcs
moved this from Triage (Comments or Progress Made)
to Backlog (Pulled Forward for Priority)
in OSS
spiffcs
moved this from Backlog (Pulled Forward for Priority)
to In Progress (Actively Resolving)
in OSS
|
An update: we started working on a way to support this, but ultimately have decided to put this on the back burner for the moment, as there are some blocking challenges. We will revisit this when the roadblocks are no longer impeding progress here. |
kzantow
moved this from In Progress (Actively Resolving)
to Parking Lot (Comments or Progress)
in OSS
kzantow
moved this from Parking Lot (Comments or Progress)
to Backlog (Pulled Forward for Priority)
in OSS
kzantow
added
the
multiple-sources
What would you like to be added:
Run Grype scan of files given from text file containing file list.
Why is this needed:
When Grype is executed, it scans the pointed directory. However, it would be very useful if Grype has some functionality to scan only files specified in a text file.
Additional context:
Like "grype -i files-to-scan.txt"
files-to-scan.txt:
/etc/directory/file1.jar
/opt/directory/file2.jar
...
/var/directory/filex.jar
Also, JSON output, in this case, should contain an absolute path of the .artifact.locations[].path
The text was updated successfully, but these errors were encountered: