Squashed all layers resolver

TimBrown1611 · August 26, 2024, 11:43am

Hi!
I saw an old PR related to try and find out when a package was first added. The PR had few drawbacks, however another suggestion was made and I think it is now more relevant to discuss if it might be useful now for users.
The goal can be find out in which layer a package (or CVE in case exists) was added to a docker container.
Here is the link to the PR - Squashed all layers by tomersein · Pull Request #3138 · anchore/syft · GitHub
Here is the link to the issue - Enhance scoping selections · Issue #15 · anchore/syft · GitHub

What do you think?
It can be a great baseline to the “base-image” resolver in the future.

willmurphy · September 3, 2024, 1:44pm

Hi @TimBrown1611 thanks for the reminder. @wagoodman is taking a look at the PR soon. We’ll follow up on GitHub. I’m closing this thread to keep the conversation in one place.

Topic		Replies	Views
Focus fixed versions on a CVE in grype Grype	0	12	November 17, 2024
Missing vulnerabilites in container image scans? Grype	2	27	August 14, 2024
Heads-up! Space/cache related issues on tests Announcements	0	7	September 5, 2024
Why indexing an image is much shorter than file-system? Syft	4	29	September 26, 2024
August 29th \| Open Source Gardening \| Live Stream Announcements	4	20	September 3, 2024

Squashed all layers resolver

Related topics