Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Automatically detect source based on local context #2084

Open
wagoodman opened this issue Aug 31, 2023 · 0 comments
Open

Automatically detect source based on local context #2084

wagoodman opened this issue Aug 31, 2023 · 0 comments
Labels
enhancement New feature or request

Comments

@wagoodman
Copy link
Contributor

What would you like to be added:
Derived from #558 (comment) it would be ideal to try and get more specific metadata for sources that would be directory scans, but could be more specific, such as a GitSource (and we capture things like the current git commit, tag, state, etc).

Why is this needed:
This would allow for the SBOM to capture more complete information for a source when the input is not detailed enough. For instance, if scanning . we don't want the source name to be . if this is a git source, instead we should report the url for the repo, such as github.com/anchore/syft.

The same can be said for other content in a directory: if the directory is a source directory for a python project, then pull in information from the pyproject.toml to get the name of the source.

This implies that this could allow for multiple metadata sources for a single input directive (e.g. scan . might resolve in a list of a GitSource and a PythonSource [made up]).
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@wagoodman