Automatically detect source based on local context #2084
Labels
enhancement
New feature or request
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What would you like to be added:
Derived from #558 (comment) it would be ideal to try and get more specific metadata for sources that would be directory scans, but could be more specific, such as a
GitSource(and we capture things like the current git commit, tag, state, etc).Why is this needed:
This would allow for the SBOM to capture more complete information for a source when the input is not detailed enough. For instance, if scanning
.we don't want the source name to be.if this is a git source, instead we should report the url for the repo, such asgit.luolix.top/anchore/syft.The same can be said for other content in a directory: if the directory is a source directory for a python project, then pull in information from the pyproject.toml to get the name of the source.
This implies that this could allow for multiple metadata sources for a single input directive (e.g. scan
.might resolve in a list of a GitSource and a PythonSource [made up]).The text was updated successfully, but these errors were encountered: