Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Syft Directory Source: Git Tag and Metadata Information #2898

Open
spiffcs opened this issue May 23, 2024 · 0 comments
Open

Syft Directory Source: Git Tag and Metadata Information #2898

spiffcs opened this issue May 23, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@spiffcs
Copy link
Contributor

spiffcs commented May 23, 2024

What would you like to be added:
When syft runs a directory scan it should be able to intuition when it is in a git repository.

This would then lead for commit sha, tag and other git metadata to be amended to the source object of the SBOM.

Why is this needed:
This information can be carried forward into grype scanning and other templates/vulnerability reports to provide more accurate labeling and pinpointing of which version of a software project and SBOM was generated against.

Additional context:
Picking this issue up means editing the Source object and adding a specific Metadata surrounding the new git data points:

syft/syft/format/syftjson/model/source.go

Line 15 in 1c37bab

type Source struct {

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
OSS
Status: Backlog
Milestone
No milestone
Development

No branches or pull requests
3 participants
@wagoodman @willmurphyscode @spiffcs