-
Notifications
You must be signed in to change notification settings - Fork 562
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Replace packages
command with scan
#2446
Conversation
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
packages
command with scan
3a8b0e2
to
0bd8122
Compare
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
0bd8122
to
97b6639
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also, an overall thing to double-check: Now configs change name as a result of this name? (I can't remember whether fangs/clio will generate configs that have the command name in the yaml keys or env var name.)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* replace packages command with scan Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add tests for packages alias Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update comments with referenes to the packages command Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * rename valiadte args function Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
syft packages was replaced by syft scan in github.com/anchore/syft/pull/2446 Signed-off-by: Brandon Mitchell <git@bmitch.net>
## Description `syft packages` was deprecated in favor of `syft scan` in `v0.100.0` anchore/syft#2446 anchore/syft@v0.99.0...v0.100.0 <img width="1539" alt="deprecated" src="https://github.com/defenseunicorns/zarf/assets/87675701/0bc6fa1f-8397-482e-bd7d-3e3987355b48"> ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [x] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed
One of the original ideas for syft was to expand the scope of the tooling to generally answer the question "what are all of the things that are in my artifact" even for things that might not fit into an SBOM. This has sense been focused down to items that can be expressed in an SBOM (which is why the secrets cataloger was removed for instance). For the same reason, as described in #516 , the
packages
command no longer makes sense as a name (since we are always creating SBOMs from what we scan, instead of only showing packages or ). This PR addresses this by deprecating the currentpackages
command in favor ofscan
(still aliasing to the root command).So any current usage of the
packages
command command......should be migrated to
scan
:A warning banner has been added to help users transition to the new command:
Closes #516 (generally follows the final suggestion in #516 (comment) )