Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Turn off SBOM cataloger by default #1555

Closed
wagoodman opened this issue Feb 8, 2023 · 2 comments · Fixed by #2527
Closed

Turn off SBOM cataloger by default #1555

wagoodman opened this issue Feb 8, 2023 · 2 comments · Fixed by #2527
Assignees
@wagoodman
Labels
breaking-change Change is not backwards compatible bug Something isn't working
Milestone
Syft v1.0.0

Comments

@wagoodman
Copy link
Contributor

Today the SBOM cataloger is on by default and has no configurability to select/deselect SBOMs in certain paths, include/exclude items within SBOMs conditionally, or be able to enrich the package and relationships found in a flexible way. We could consider making the SBOM cataloger opt-in for now until we discover better mechanisms here. This could mean something like this to enable the SBOM cataloger:

syft <my-image> --include-sboms

There are several options forward here --interested in hearing thoughts here.
@wagoodman wagoodman added the bug Something isn't working label Feb 8, 2023
@kzantow kzantow added this to OSS Feb 9, 2023
@wagoodman wagoodman mentioned this issue Feb 9, 2023
Open
@tgerla tgerla removed this from OSS Feb 23, 2023
@luhring
Copy link
Contributor

luhring commented Feb 25, 2023

We could consider making the SBOM cataloger opt-in for now until we discover better mechanisms here.

Makes sense to me. 👍 I could try taking a stab at this?

This was referenced Nov 13, 2023
Merged
Open
@wagoodman wagoodman added this to the Syft 1.0 milestone Nov 14, 2023
@kzantow
Copy link
Contributor

kzantow commented Jan 19, 2024

Developer note: Since the builder PR landed, the change fairly simple, I think: updating the SBOM cataloger line to remove the pkgcataloging.ImageTag, pkgcataloging.DeclaredTag, pkgcataloging.DirectoryTag, pkgcataloging.ImageTag, (leaving only "sbom"). Those tags are used to select default catalogers for image and directory scans. But now the user can just re-enable this using the selection configuration, like syft --select-catalogers +sbom-cataloger

@wagoodman wagoodman mentioned this issue Jan 19, 2024
Merged
@wagoodman wagoodman self-assigned this Jan 22, 2024
@wagoodman wagoodman mentioned this issue Jan 22, 2024
Merged
@wagoodman wagoodman added the breaking-change Change is not backwards compatible label Jan 22, 2024
@Porkepix Porkepix mentioned this issue Jan 26, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@wagoodman wagoodman

Labels
breaking-change Change is not backwards compatible bug Something isn't working
Projects
None yet
Milestone
Syft v1.0.0
Development

Successfully merging a pull request may close this issue.

Turn off the SBOM cataloger by default anchore/syft
3 participants
@wagoodman @kzantow @luhring