-
Notifications
You must be signed in to change notification settings - Fork 560
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Squashed all layers #3138
base: main
Are you sure you want to change the base?
Squashed all layers #3138
Conversation
Signed-off-by: tomersein <[email protected]>
@tomersein - I know very little about the Syft internals, and I'm trying to understand this PR. From the code and comments I understand that the new option will catalog packages from all layers, but then only include packages that are visible in the squashed file-system. How is that different from the regular squashed scope (or, I could probably rephrase this to: what is the difference between 'cataloging' and 'including')? My main concern is whether this would (eventually) help to fix issue #1818 Many thanks! |
hi @dbrugman , |
Got it, thanks @tomersein |
Hi @tomersein -- thanks for the contribution. I don't think we would want to merge this as-is, though. I wonder if there are any other things we may be able to do in order for you to accomplish what you're hoping to achieve. So I understand correctly: the use case is to be able to find the layer which introduced a package, right? |
yes correct @kzantow , let me know what are the gaps so I can push some fixes \ improvements.
@kzantow - please see my notes after the meeting yesterday |
any update? :) @wagoodman |
Signed-off-by: tomersein <[email protected]>
Signed-off-by: tomersein <[email protected]>
Signed-off-by: tomersein <[email protected]>
Signed-off-by: tomersein <[email protected]>
did some static analysis corrections and all checks are now passed |
This PR tries to solve the squash-with-all-layer resolver issue, aligned to the newest version of syft.
Please let me know how to proceed further, I guess the solution here is not perfect, but it does knows how to handle deleted packages.
part of - #15