mirror of
https://github.com/anchore/syft.git
synced 2025-11-17 16:33:21 +01:00
f6c8057977
adds a unique synthetic package to the SBOM output that represents the go compiler when it is detected as a part of a package discovered by the go binary cataloger. When using an SBOM generated by syft - downstream vulnerability scanners now have the opportunity to detect/report on the PURL/CPEs attached to the new stdlib package. --------- Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>