oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-18 00:43:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

add file-metadata config options to docs

Browse Source 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
This commit is contained in:
Alex Goodman 2021-03-18 10:58:47 -04:00
parent 1d87f07da1
commit 4bde850f04
No known key found for this signature in database
GPG Key ID: 5CB45AE22BAB7EA7
2 changed files with 19 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@ -18,7 +18,7 @@ SUCCESS := $(BOLD)$(GREEN)
COVERAGE_THRESHOLD := 68 COVERAGE_THRESHOLD := 68
# CI cache busting values; change these if you want CI to not use previous stored cache # CI cache busting values; change these if you want CI to not use previous stored cache
COMPARE_CACHE_BUSTER="f7e689d76a9" COMPARE_CACHE_BUSTER="f7e689d76a9"
INTEGRATION_CACHE_BUSTER="789bacdf" INTEGRATION_CACHE_BUSTER="23493ba738c3d2f"
CLI_CACHE_BUSTER="789bacdf" CLI_CACHE_BUSTER="789bacdf"
BOOTSTRAP_CACHE="789bacdf" BOOTSTRAP_CACHE="789bacdf"

27
README.md
View File

@ -1,7 +1,6 @@
# syft # syft
[![Static Analysis + Unit + Integration](https://github.com/anchore/syft/workflows/Static%20Analysis%20+%20Unit%20+%20Integration/badge.svg)](https://github.com/anchore/syft/actions?query=workflow%3A%22Static+Analysis+%2B+Unit+%2B+Integration%22) [![Validations](https://github.com/anchore/syft/workflows/validations.yaml/badge.svg)](https://github.com/anchore/syft/workflows/validations.yaml)
[![Acceptance](https://github.com/anchore/syft/workflows/Acceptance/badge.svg)](https://github.com/anchore/syft/actions?query=workflow%3AAcceptance)
[![Go Report Card](https://goreportcard.com/badge/github.com/anchore/syft)](https://goreportcard.com/report/github.com/anchore/syft) [![Go Report Card](https://goreportcard.com/badge/github.com/anchore/syft)](https://goreportcard.com/report/github.com/anchore/syft)
[![GitHub release](https://img.shields.io/github/release/anchore/syft.svg)](https://github.com/anchore/syft/releases/latest) [![GitHub release](https://img.shields.io/github/release/anchore/syft.svg)](https://github.com/anchore/syft/releases/latest)
[![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/anchore/syft/blob/main/LICENSE) [![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/anchore/syft/blob/main/LICENSE)
@ -22,28 +21,28 @@ If you encounter an issue, please [let us know using the issue tracker](https://
To generate an SBOM for a Docker or OCI image: To generate an SBOM for a Docker or OCI image:
``` ```
syft <image> syft packages <image>
``` ```
The above output includes only software that is visible in the container (i.e., the squashed representation of the image). The above output includes only software that is visible in the container (i.e., the squashed representation of the image).
To include software from all image layers in the SBOM, regardless of its presence in the final image, provide `--scope all-layers`: To include software from all image layers in the SBOM, regardless of its presence in the final image, provide `--scope all-layers`:
``` ```
syft <image> --scope all-layers syft packages <image> --scope all-layers
``` ```
Syft can generate a SBOM from a variety of sources: Syft can generate a SBOM from a variety of sources:
``` ```
# catalog a container image archive (from the result of `docker image save ...`, `podman save ...`, or `skopeo copy` commands) # catalog a container image archive (from the result of `docker image save ...`, `podman save ...`, or `skopeo copy` commands)
syft path/to/image.tar syft packages path/to/image.tar
# catalog a directory # catalog a directory
syft path/to/dir syft packages path/to/dir
``` ```
The output format for Syft is configurable as well: The output format for Syft is configurable as well:
``` ```
syft <image> -o <format> syft packages <image> -o <format>
``` ```
Where the `format`s available are: Where the `format`s available are:
@ -93,19 +92,28 @@ quiet: false
# same as SYFT_CHECK_FOR_APP_UPDATE env var # same as SYFT_CHECK_FOR_APP_UPDATE env var
check-for-app-update: true check-for-app-update: true
# cataloging packages is exposed through the packages and power-user subcommands
packages: packages:
# enable/disable cataloging of packages
# SYFT_PACKAGES_CATALOGING_ENABLED env var
cataloging-enabled: true
# the search space to look for packages (options: all-layers, squashed) # the search space to look for packages (options: all-layers, squashed)
# same as -s ; SYFT_SCOPE env var # same as -s ; SYFT_PACKAGES_SCOPE env var
scope: "squashed" scope: "squashed"
# cataloging file metadata is exposed through the power-user subcommand
file-metadata: file-metadata:
# enable/disable cataloging if file metadata # enable/disable cataloging of file metadata
# SYFT_FILE_METADATA_CATALOGING_ENABLED env var
cataloging-enabled: true cataloging-enabled: true
# the search space to look for file metadata (options: all-layers, squashed) # the search space to look for file metadata (options: all-layers, squashed)
# SYFT_FILE_METADATA_SCOPE env var
scope: "squashed" scope: "squashed"
# the file digest algorithms to use when cataloging files (options: "sha256", "md5", "sha1") # the file digest algorithms to use when cataloging files (options: "sha256", "md5", "sha1")
# SYFT_FILE_METADATA_DIGESTS env var
digests: ["sha256"] digests: ["sha256"]
log: log:
@ -121,6 +129,7 @@ log:
# same as SYFT_LOG_FILE env var # same as SYFT_LOG_FILE env var
file: "" file: ""
# uploading package SBOM is exposed through the packages subcommand
anchore: anchore:
# (feature-preview) the Anchore Enterprise Host or URL to upload results to (supported on Enterprise 3.0+) # (feature-preview) the Anchore Enterprise Host or URL to upload results to (supported on Enterprise 3.0+)
# same as -H ; SYFT_ANCHORE_HOST env var # same as -H ; SYFT_ANCHORE_HOST env var