New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
composer.json isn't parsed for packages #1064
Comments
Happy to add a cataloger for |
Thanks @cpendery! If you want to add this support go ahead. Really appreciate you filling out syft's support for more things. |
@cpendery Perhaps it could be better to use composer.lock, since composer.json has only direct dependencies, leaving dependencies of dependencies out. |
Sounds great! I'll tag you on PR and test it on the repo you linked to make sure it meets what you're looking for |
@josecoimbra it looks like I should have dug a little deeper into Syft's code. Syft already index's composer's |
What happened:
Syft isn't detecting any packages when given
file:composer.json
What you expected to happen:
It should be able to index those packages since it's listed in the Syft supported languages
How to reproduce it (as minimally and precisely as possible):
Clone this repo and run Syft on it
Anything else we need to know?:
Found by @josecoimbra in anchore/grype#797
Environment:
syft version
: 48.1cat /etc/os-release
or similar):The text was updated successfully, but these errors were encountered: