mirror of
https://github.com/anchore/syft.git
synced 2026-03-29 21:23:24 +02:00
* chore: centralize temp files and prefer streaming IO

  Catalogers that create temp files ad-hoc can easily forget cleanup, leaking files on disk. Similarly, io.ReadAll is convenient but risks OOM on large or malicious inputs. Introduce internal/tmpdir to manage all cataloger temp storage under a single root directory with automatic cleanup. Prefer streaming parsers (bufio.Scanner, json/yaml.NewDecoder, io.LimitReader) over buffering entire inputs into memory. Add ruleguard rules to enforce both practices going forward.

  Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

* chore: go back to old release parsing

  Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

* simplify to limit reader in version check

  Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

* chore: regex change postponed

  Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

* simplify supplement release to limitreader

  Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

---------

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Syft API Examples
This directory contains examples of how to use the Syft API.
- create_simple_sbom: Create a simple SBOM from scratch
- create_custom_sbom: Create an SBOM using as much custom configuration as possible, including a custom cataloger implementation
- decode_sbom: Take an existing SBOM file (of arbitrary format) and decode it into a Syft SBOM object
- source_detection: Shows how to detect what to catalog automatically from a user string (e.g. container image vs directory)
- source_from_image: Construct a source from only a container image
You can run any of these examples from this directory with:
go run ./DIRECTORY_NAME