Scan specific file #2041

Closed
metametadata opened this issue Aug 7, 2024 · 2 comments · Fixed by #2120
Labels:
- changelog-ignore: Don't include this issue in the release changelog
- enhancement: New feature or request

Comments

@metametadata

What would you like to be added:

Scan a single file, e.g. something like grype file:path/to/yourproject/composer.lock.

Why is this needed:

Currently I see only one way, which is to scan the directory recursively: grype dir:path/to/yourproject. But a directory can contain a lot of other stuff, which pollutes the output, slows scanning down, etc. E.g. in my project the dir scan detects 3,739 packages vs. 95 specifically from composer.lock, due to Ruby and NPM packages detected in subdirs.

@metametadata metametadata added the enhancement New feature or request label Aug 7, 2024
@kzantow (Contributor)

kzantow commented Sep 16, 2024

Hi @metametadata, Grype supports this today. I've tested this with a topthink/framework vulnerability, and grype file:path/to/composer.lock successfully showed me the vulnerabilities:

$ grype file:syft/pkg/cataloger/php/test-fixtures/composer.lock 
 ✔ Vulnerability DB                [no update available]  
 ✔ Indexed file system                                                 /Users/kzantow/projects/syft-clean/syft/pkg/cataloger/php/test-fixtures
 ✔ Cataloged contents                                                         6debbc261ba9fb01f4deec7409a8e4e259fc710965d4657e5fdc97c89893bc61
   ├── ✔ Packages                        [2 packages]  
   └── ✔ Executables                     [0 executables]  
 ✔ Scanned for vulnerabilities     [2 vulnerability matches]  
   ├── by severity: 1 critical, 0 high, 1 medium, 0 low, 0 negligible
   └── by status:   1 fixed, 1 not-fixed, 0 ignored 
NAME                INSTALLED  FIXED-IN  TYPE          VULNERABILITY        SEVERITY 
topthink/framework  6.1.3                php-composer  GHSA-f4wh-359g-4pq7  Critical  
topthink/framework  6.1.3      6.1.5     php-composer  GHSA-969f-v7jv-pgj3  Medium

What is the package you are expecting to see vulnerabilities from -- perhaps it's just not in the GHSA data set?
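The single-file scan above lends itself to a CI gate. The following is an added example, not code from grype or from either commenter: it builds the `grype file:<path> -o json` invocation, summarises a report the way grype's own summary tree does (by severity, by fix status), and decides whether a severity threshold is exceeded. The JSON field names (`matches[].vulnerability.{id,severity,fix.versions}`, `matches[].artifact.{name,version}`) are assumed from grype's JSON output format; the sample report is constructed to mirror the two matches shown in the comment.

```python
"""Scan one lock file with grype's file: source and gate on severity (added example)."""
import json
import subprocess
from collections import Counter

# Severity vocabulary grype prints, ordered from least to most severe.
SEVERITY_ORDER = ["Negligible", "Low", "Medium", "High", "Critical"]


def grype_file_cmd(path: str) -> list[str]:
    """Command line for scanning a single file (file: scheme) with JSON output."""
    return ["grype", f"file:{path}", "-o", "json"]


def scan_file(path: str) -> dict:
    """Run grype on one file and parse the JSON report. Requires grype on PATH."""
    proc = subprocess.run(grype_file_cmd(path), check=True, capture_output=True, text=True)
    return json.loads(proc.stdout)


def summarize(report: dict) -> dict:
    """Count matches by severity and fix status; field layout assumed from grype JSON."""
    by_severity, by_status, rows = Counter(), Counter(), []
    for m in report.get("matches", []):
        vuln = m["vulnerability"]
        sev = vuln.get("severity", "Unknown")
        fixed_in = ", ".join(vuln.get("fix", {}).get("versions", []))
        by_severity[sev] += 1
        by_status["fixed" if fixed_in else "not-fixed"] += 1
        rows.append((m["artifact"]["name"], m["artifact"]["version"], fixed_in, vuln["id"], sev))
    return {"rows": rows, "by_severity": dict(by_severity), "by_status": dict(by_status)}


def exceeds(report: dict, threshold: str) -> bool:
    """True if any match is at or above threshold (e.g. 'High'), for failing a pipeline."""
    floor = SEVERITY_ORDER.index(threshold)
    return any(SEVERITY_ORDER.index(s) >= floor
               for s in summarize(report)["by_severity"] if s in SEVERITY_ORDER)


# Constructed sample mirroring the two matches in the thread; not real grype output.
SAMPLE_REPORT = {"matches": [
    {"vulnerability": {"id": "GHSA-f4wh-359g-4pq7", "severity": "Critical", "fix": {"versions": []}},
     "artifact": {"name": "topthink/framework", "version": "6.1.3"}},
    {"vulnerability": {"id": "GHSA-969f-v7jv-pgj3", "severity": "Medium", "fix": {"versions": ["6.1.5"]}},
     "artifact": {"name": "topthink/framework", "version": "6.1.3"}},
]}

if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(s["by_severity"], s["by_status"], "fail at High:", exceeds(SAMPLE_REPORT, "High"))
```

Replace `SAMPLE_REPORT` with `scan_file("composer.lock")` to gate on a real lock file.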

@metametadata (Author)

Thanks, I simply didn't know there was a file: scheme, as it's not mentioned in grype --help or the readme.

@kzantow kzantow added the changelog-ignore Don't include this issue in the release changelog label Sep 24, 2024