You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Today to scan a source repo you need to clone it first:
git clone ...
syft ./my-repo
It would be more ideal to specify a repo URL and let syft deal with cloning for me:
# access via git ssh
syft [email protected]:casey/just.git
# access with https
syft https://github.com/casey/just.git
(we'd also have an additional explicit git scheme)
When we catalog git repos we should also start capturing repo specific metadata, like commit sha, tag, dirty state, etc. This should be metadata on the SBOM source object with a new type. We should maybe even upgrade implicit dir: scans to git: scans when we detect git information.
The text was updated successfully, but these errors were encountered:
(writing on the behalf of @westonsteimel )
Today to scan a source repo you need to clone it first:
It would be more ideal to specify a repo URL and let syft deal with cloning for me:
(we'd also have an additional explicit
git
scheme)When we catalog git repos we should also start capturing repo specific metadata, like commit sha, tag, dirty state, etc. This should be metadata on the SBOM source object with a new type. We should maybe even upgrade implicit
dir:
scans togit:
scans when we detect git information.The text was updated successfully, but these errors were encountered: