oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-19 17:33:18 +01:00
Code Issues Packages Projects Releases Wiki Activity
syft/internal/capabilities/appconfig.yaml
Alex Goodman 6edb1162c8 split packages.yaml to multiple files by go package 
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-18 13:28:18 -05:00

61 lines
5.4 KiB
YAML
Raw Blame History

# Application-level configuration. See README.md for documentation.
# This file is partially auto-generated. Run 'go generate ./internal/capabilities' to regenerate.
application: # AUTO-GENERATED - application-level config keys
- key: dotnet.dep-packages-must-claim-dll
description: only keep dep.json packages which have a runtime/resource DLL claimed in the deps.json targets section (but not necessarily found on disk). The package is also included if any child package claims a DLL, even if the package itself does not claim a DLL.
- key: dotnet.dep-packages-must-have-dll
description: only keep dep.json packages which an executable on disk is found. The package is also included if a DLL is found for any child package, even if the package itself does not have a DLL.
- key: dotnet.propagate-dll-claims-to-parents
description: treat DLL claims or on-disk evidence for child packages as DLL claims or on-disk evidence for any parent package
- key: dotnet.relax-dll-claims-when-bundling-detected
description: show all packages from the deps.json if bundling tooling is present as a dependency (e.g. ILRepack)
- key: golang.local-mod-cache-dir
description: specify an explicit go mod cache directory, if unset this defaults to $GOPATH/pkg/mod or $HOME/go/pkg/mod
- key: golang.local-vendor-dir
description: specify an explicit go vendor directory, if unset this defaults to ./vendor
- key: golang.main-module-version.from-build-settings
description: use the build settings (e.g. vcs.version & vcs.time) to craft a v0 pseudo version (e.g. v0.0.0-20220308212642-53e6d0aaf6fb) when a more accurate version cannot be found otherwise
- key: golang.main-module-version.from-contents
description: search for semver-like strings in the binary contents
- key: golang.main-module-version.from-ld-flags
description: look for LD flags that appear to be setting a version (e.g. -X main.version=1.0.0)
- key: golang.no-proxy
description: specifies packages which should not be fetched by proxy if unset this defaults to $GONOPROXY
- key: golang.proxy
description: remote proxy to use when retrieving go packages from the network, if unset this defaults to $GOPROXY followed by https://proxy.golang.org
- key: golang.search-local-mod-cache-licenses
description: search for go package licences in the GOPATH of the system running Syft, note that this is outside the container filesystem and potentially outside the root of a local directory scan
- key: golang.search-local-vendor-licenses
description: search for go package licences in the vendor folder on the system running Syft, note that this is outside the container filesystem and potentially outside the root of a local directory scan
- key: golang.search-remote-licenses
description: search for go package licences by retrieving the package from a network proxy
- key: java.maven-local-repository-dir
description: override the default location of the local Maven repository. the default is the subdirectory '.m2/repository' in your home directory
- key: java.maven-url
description: maven repository to use, defaults to Maven central
- key: java.max-parent-recursive-depth
description: depth to recursively resolve parent POMs, no limit if <= 0
- key: java.resolve-transitive-dependencies
description: resolve transient dependencies such as those defined in a dependency's POM on Maven central
- key: java.use-maven-local-repository
description: 'use the local Maven repository to retrieve pom files. When Maven is installed and was previously used for building the software that is being scanned, then most pom files will be available in this repository on the local file system. this greatly speeds up scans. when all pom files are available in the local repository, then ''use-network'' is not needed. TIP: If you want to download all required pom files to the local repository without running a full build, run ''mvn help:effective-pom'' before performing the scan with syft.'
- key: java.use-network
description: enables Syft to use the network to fetch version and license information for packages when a parent or imported pom file is not found in the local maven repository. the pom files are downloaded from the remote Maven repository at 'maven-url'
- key: javascript.include-dev-dependencies
description: include development-scoped dependencies
- key: javascript.npm-base-url
description: base NPM url to use
- key: javascript.search-remote-licenses
description: enables Syft to use the network to fill in more detailed license information
- key: linux-kernel.catalog-modules
description: whether to catalog linux kernel modules found within lib/modules/** directories
- key: nix.capture-owned-files
description: enumerate all files owned by packages found within Nix store paths
- key: python.guess-unpinned-requirements
description: when running across entries in requirements.txt that do not specify a specific version (e.g. "sqlalchemy >= 1.0.0, <= 2.0.0, != 3.0.0, <= 3.0.0"), attempt to guess what the version could be based on the version requirements specified (e.g. "1.0.0"). When enabled the lowest expressible version when given an arbitrary constraint will be used (even if that version may not be available/published).
- key: python.pypi-base-url
description: base Pypi url to use
- key: python.search-remote-licenses
description: enables Syft to use the network to fill in more detailed license information
Reference in New Issue View Git Blame Copy Permalink