Syft ignore docker images

[stefanm8]

What would you like to be added:
Ability for syft to ignore specific paths and or docker container

Why is this needed:
Scan only source code vendors, bypassing private registry.

Additional context:

Scanning repository will return:

1 error occurred:
        * failed to determine image source: could not fetch image 'src/main/java/': failed to get image descriptor from registry:

although there is no intention of scanning image, but instead scan filesystem.

[spiffcs]

Hey @stefanm8! Thanks for the issue. Linking the related issue here.

@wagoodman I'll keep this one open for now, but there might be room for consolidation with #221

[stefanm8]

Hi @spiffcs

Is quite complementary, as in #221 does not suggest of scanning filesystem only.

There should be at least this option. I may be able to do it, if you give me some hints of where I should look.

Thank you

[spiffcs]

Syft also has schemes that can be provided as prefixes to get the behavior you're asking about in that final example when scanning the file system.

syft dir:path/to/yourproject
syft: file:path/to/your/project/file

Example:

git clone git@github.com:anchore/syft.git
syft dir:.

[kzantow]

There's a draft PR for #221, which allows for excluding paths from directory, archive, and image scans. Would this accomplish what you're looking to do?

[spiffcs]

Closing this issue for now since we have the ability to ignore paths per the above comment. Also with the dir and file directives users have options for generating very specific SBOM configurations. If more features are need feel free to comment and can consider reopening or filing a new issue.