Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Catalog git repos natively #3246

Open
wagoodman opened this issue Sep 17, 2024 · 0 comments
Open

Catalog git repos natively #3246

wagoodman opened this issue Sep 17, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@wagoodman
Copy link
Contributor

(writing on the behalf of @westonsteimel )

Today to scan a source repo you need to clone it first:

git clone ...
syft ./my-repo

It would be more ideal to specify a repo URL and let syft deal with cloning for me:

# access via git ssh
syft git@github.com:casey/just.git

# access with https
syft https://github.com/casey/just.git

(we'd also have an additional explicit git scheme)

When we catalog git repos we should also start capturing repo specific metadata, like commit sha, tag, dirty state, etc. This should be metadata on the SBOM source object with a new type. We should maybe even upgrade implicit dir: scans to git: scans when we detect git information.
@wagoodman wagoodman added the enhancement New feature or request label Sep 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
OSS
Status: No status
Milestone
No milestone
Development

No branches or pull requests
1 participant
@wagoodman