grant icon indicating copy to clipboard operation
grant copied to clipboard
verified publisher icon anchore

feat: Add layerID to package struct in report

Open tomerse-sg opened this issue 2 years ago • 3 comments

Hello,

When I want to check the licenses of a given images, it is important to me to understand in which layer the package exists. This information is already provided by syft, is it possible to display it in grant as well?

Thanks for your time!

tomerse-sg avatar Feb 06 '24 14:02 tomerse-sg

I also really need this feature

limaonet avatar Jul 10 '24 08:07 limaonet

Nice! Thanks for the feedback on this.

https://github.com/anchore/syft/issues/15 ^ This is blocked since grant uses syft and would need 15 to be fulfilled

This would allow files to be associated to the individual layers and then we could disqualify base image layer licenses and ONLY find licenses added by our own software

spiffcs avatar Jul 25 '24 19:07 spiffcs

what about it? https://github.com/anchore/syft/pull/3138

this PR will provide a resolver which can find out which file \ package exists in each layer @spiffcs

tomersein avatar Sep 14 '24 05:09 tomersein