-
Notifications
You must be signed in to change notification settings - Fork 577
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add licenses for Go packages on windows #1933
Comments
@sorokinmax license information is not present in the
e.g. to enable searching both the local go mod cache and remotes, you can enable this by executing Syft like:
Does this work for you? |
Thank you, @kzantow! I really overlooked these parameters. But it didn't work for me. I am currently running Syft on Windows and scanning a docker image. |
@sorokinmax Are you able to send the output of the command you ran with the |
@kzantow Thanks for the hint, I immediately moved on as soon as I saw the message "remote proxy walk failed for: %package-name%" in the log. I downloaded the source code of version 0.85.0 and ran it under the debugger. Here's what I managed to find in the syft/pkg/cataloger/golang/licenses.go file: It seems to me that there is some kind of problem with Syft working on Windows. P.S. At the same time, I saw in the debugger how packages are successfully downloaded up to this point. |
What would you like to be added:
The filled in "licenses" field in the SBOM report for Go packages.
Why is this needed:
Now it looks like a disadvantage compared to other dependencies.
Tracking license purity is an important part of software development.
Additional context:
License information is easy to get at https://pkg.go.dev
For example:
The text was updated successfully, but these errors were encountered: