Evaluate using syft for rootfs scanning #7

@Jasper-Ben

Our SBOM generation currently relies heavily on the dependency information provided directly by OE. This is somewhat of a two-edged sword, since this does not necessarily work well for modern programming languages (see: savoirfairelinux#9 (comment)).

It would therefore be interesting to evaluate how well syft (https://github.com/anchore/syft) would work for our use case (maybe as an optional additional SBOM source).
