Issues
- 6
javascript-cataloger: false positive - cross-spawn
#3471 opened by robertkowalski - 2
Multiple licenses as string instead of list
#3430 opened by dariozachow - 0
purl is not deterministic in java-archive cataloger
#3521 opened by TimBrown1611 - 7
Runtime Error with Syft on Singularity .sif file (panic: index out of range)
#3390 opened by SaurabhNair96 - 2
SPDX expressions are lost from CycloneDX if they contain extra parenthesis
#3441 opened by pasieronen - 6
Syft scan in offline mode is slow
#3455 opened by KeylinxTobias - 1
[DOCS] Document your CycloneDX properties
#3497 opened by jkowalleck - 1
Unable to find encoder for "spdx-json=spdx.json"
#3515 opened by wieringen - 0
Standalone Executables not listed in SBOM
#3511 opened by patrickSeal - 0
Provide Syft as a Conan package
#3504 opened by lukas-braune - 3
Invalid SPDX: missing copyright text
#3346 opened by vargenau - 6
- 2
syft should not warn on known bad package.json
#3470 opened by robbat2 - 2
Dotnet PE binary cataloger is detecting false positives
#3469 opened by wagoodman - 1
Raising containers as packages in the final SBOM
#3477 opened by spiffcs - 3
Scanning a source tree with duplicate conanfile.txt dependencies generates multiple components
#3403 opened by jkugler - 0
support configuration of layer size in Syft
#3428 opened by TimBrown1611 - 5
Look for ruby binary library evidence over executable
#3420 opened by witchcraze - 0
SBOM generation for Conanfile.py
#3488 opened by Ajit-15 - 0
missing provided files for dpkg packages
#3486 opened by ArmanPasha - 0
Configurable package merge behavior
#3485 opened by wagoodman - 1
Duplicate OpenSSL detection as both deb and binary
#3481 opened by witchcraze - 1
- 2
[Request] Ability to customize top level metadata
#3397 opened by idunbarh - 4
SBOM cataloger silently discards CycloneDX components of other types than library/application
#3447 opened by pasieronen - 2
CPE of linux-kernel not precise enough
#3437 opened by rafutek - 1
- 2
Dependency trees get merged when they should not
#3456 opened by dervoeti - 0
Add nextcloud server cataloger
#3458 opened by westonsteimel - 0
Add nextcloud app cataloger
#3459 opened by westonsteimel - 0
cataloger: golang source cataloger
#3451 opened by spiffcs - 0
Support node 6.x versions
#3404 opened by witchcraze - 1
Panic on "syft scan"
#3434 opened by cilki - 1
Support file ownership when using file source
#3345 opened by adammcclenaghan - 0
- 0
Bubble coordinate errors from stereoscope
#3415 opened by kzantow - 0
License files which do not match an SPDX expression are erroneously handled as 'unlicensed'.
#3412 opened by HeyeOpenSource - 3
conda packages identified as pypi packages
#3395 opened by vchhasatia - 7
Support scanning files in other mount namespaces
#3396 opened by ariel-miculas - 0
Add a binary classifier for redict
#3401 opened by westonsteimel - 0
Add a binary classifier for valkey
#3400 opened by westonsteimel - 0
- 2
- 2
Conan cataloger: distinquish normal and build requirements - might be relevant for other catalogers as well (e.g. NPM)
#3386 opened by jngrb - 0
- 0
Refactor Java metadata: use top-level maven metadata & deprecate scope from PomProperties
#3377 opened by kzantow - 0
Maven version ranges
#3368 opened by kzantow - 0
Delete comment
#3354 opened by BlowMeMike - 1
Need to update tag version
#3349 opened by BlowMeMike - 2
Asking for guidance with jar file scanning (*.jar files not reporting any dependency in SBOM)
#3336 opened by markusjnagel