Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feature: update default SBOM configuration to improve source detection for Golang code #42

Open
spiffcs opened this issue Feb 5, 2024 · 0 comments
Open

feature: update default SBOM configuration to improve source detection for Golang code #42

spiffcs opened this issue Feb 5, 2024 · 0 comments
Assignees
@spiffcs
Labels
Golang Improves golang ecosystem license detection syft updates needed in syft for completion
Milestone
Dogfood: Grant sh...

Comments

@spiffcs
Copy link
Collaborator

spiffcs commented Feb 5, 2024

Grant consumes syft as it's default SBOM generator when users don't bring their own bill of material. This issue is a placeholder to incorporate changes in syft where source analysis of Golang programs is done by reading the entrypoint and building a dependency tree parsed from import statements in the different files.

AST (Abstract syntax tree) analysis of the source is objectively better than leveraging the go mod which has limitations of including licenses that might not be linked against the the final binary.
@spiffcs spiffcs added Golang Improves golang ecosystem license detection Detection Improvment syft updates needed in syft for completion and removed Detection Improvment labels Feb 5, 2024
@spiffcs spiffcs changed the title Update default SBOM configuration to improve source detection for Golang code feat: ppdate default SBOM configuration to improve source detection for Golang code Feb 5, 2024
@spiffcs spiffcs changed the title feat: ppdate default SBOM configuration to improve source detection for Golang code feature: update default SBOM configuration to improve source detection for Golang code Feb 5, 2024
@wagoodman wagoodman added this to OSS Feb 7, 2024
@wagoodman wagoodman moved this to Backlog in OSS Feb 7, 2024
@spiffcs spiffcs moved this from Backlog to Ready in OSS Feb 22, 2024
@spiffcs spiffcs self-assigned this May 9, 2024
@spiffcs spiffcs moved this from Ready to In Progress in OSS May 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@spiffcs spiffcs

Labels
Golang Improves golang ecosystem license detection syft updates needed in syft for completion
Projects
OSS
Status: Stalled
Milestone
Dogfood: Grant should be used to gene...
Development

No branches or pull requests
1 participant
@spiffcs