Does syft has internal exclusions?

TimBrown1611 · September 25, 2024, 12:01pm

I am aware that syft can get exclusions in the configuration. My question is syft has directories which he doesn’t index \ scan (without getting it from the configuration)

Thanks.

wagoodman · September 25, 2024, 1:45pm

We do have certain parts of the filetree for directory scans that we ignore, which is based on the path and filesystem type for the mountpoint syft/syft/internal/fileresolver/path_skipper.go at d7005d7d8ca6d05f594f7bc1a140ae1e85bc0328 · anchore/syft · GitHub

Specifically:

ignore /proc if it is of filesytem types procfs or proc
ignore /sys if it is of filesystem type sysfs or tmpfs
ignore /dev if it is of filesystem types devfs, devtmpfs, udev, or tmpfs
ignore /run, /var/run, /var/lock if it’s of filesystem type tmpfs

This prevents from scanning directories that tend to not have software and can be problematic to scan (large symlink loops, odd device files, etc).

I don’t think there are other kinds of exclusions made from an indexer-perspective, and this is only applied to directory scans, not image scans.

Topic		Replies	Views
Does syft copies the files to a temp directory or reads in from memory? Syft	3	41	August 29, 2024
Why indexing an image is much shorter than file-system? Syft	4	29	September 26, 2024
Syft process getting hung Syft discuss	10	38	October 29, 2024
Publishing Grant in the snap store, a confinement question General	0	10	September 4, 2024
Enabling Syft network features from the CLI General	7	56	September 5, 2024

Does syft has internal exclusions?

Related topics