What happened:
When scanning a directory with Syft, licenses won't show up. After investigation, this is because directory scanning does not include NewJavascriptPackageCataloger, but only NewJavascriptLockCataloger.
When scanning an image with Syft, lockfiles are ignored. After investigation, this is for the same reason.
What you expected to happen:
The same catalogers should be supported for both images and directories.
How to reproduce it (as minimally and precisely as possible):
Create a minimal package.json with a few packages (for example, express.js)
Install the packages with NPM or YARN
Directory:
Scan the directory with syft dir:./ | grep licenses
As a solution, I would suggest modifying 'pkg/cataloger/cataloger.go' to include:
javascript.NewJavascriptLockCataloger(), in ImageCatalogers' returned array
javascript.NewJavascriptPackageCataloger(), in ImageCatalogers' returned array
However, these two scanners might generate duplicate results, so we might need some additional tests.
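The duplicate concern above, sketched as an added example that is not part of the issue and not Syft's code: records from a lockfile cataloger and a package.json cataloger are merged on name@version so that license data is kept without reporting a package twice. The `Pkg` type, the source labels and the sample versions are hypothetical and constructed.

```go
package main

import "fmt"

// Pkg is a hypothetical, simplified record; it is not Syft's pkg.Package.
type Pkg struct {
	Name, Version string
	Licenses      []string
	Sources       []string // labels of the catalogers that reported it
}

// addUnique appends v to s only if it is not already present.
func addUnique(s []string, v string) []string {
	for _, x := range s {
		if x == v {
			return s
		}
	}
	return append(s, v)
}

// mergeResults collapses records from several catalogers on name@version,
// unioning licenses and sources, and keeps first-seen order.
func mergeResults(lists ...[]Pkg) []Pkg {
	index := map[string]int{} // name@version -> position in out
	var out []Pkg
	for _, list := range lists {
		for _, p := range list {
			key := p.Name + "@" + p.Version
			i, seen := index[key]
			if !seen {
				i = len(out)
				index[key] = i
				out = append(out, Pkg{Name: p.Name, Version: p.Version})
			}
			for _, l := range p.Licenses {
				out[i].Licenses = addUnique(out[i].Licenses, l)
			}
			for _, s := range p.Sources {
				out[i].Sources = addUnique(out[i].Sources, s)
			}
		}
	}
	return out
}

// sampleMerge runs the merge on constructed data (versions are made up).
func sampleMerge() []Pkg {
	lock := []Pkg{{"express", "4.17.1", nil, []string{"lock"}}, {"qs", "6.7.0", nil, []string{"lock"}}}
	manifest := []Pkg{{"express", "4.17.1", []string{"MIT"}, []string{"package"}}}
	return mergeResults(lock, manifest)
}

func main() { fmt.Println(sampleMerge()) }
```

Two records with the same name but different versions stay separate, which matters when a lockfile pins a version other than the one installed.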
Hi @cw-acroteau. This is intended behavior, but I definitely understand the need to customize cataloger selection for individual use cases. We have an issue open to track this enhancement: #465
How to reproduce it (as minimally and precisely as possible):
Directory:
syft dir:./ | grep licenses
Docker:
syft docker-archive:test-app.tar -o json | grep licenses