syft
No long description provided.
Installation
dagger install github.com/hampusctl/daggerverse/syft@18e6a8a8022cbfe71dc889541717d260de413395Entrypoint
Return Type
Syft !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| container | Container | - | container is an existing container to use instead of creating a new one |
| apkoFile | File | - | apkoFile is a custom Apko image file to import instead of using repository:tag |
| repository | String ! | "ghcr.io/anchore/syft" | repository is the Docker repository for the Syft image (default: ghcr.io/anchore/syft) |
| tag | String ! | "latest" | tag is the Docker tag for the Syft image (default: latest) |
| extraCaCerts | [File ! ] | - | extraCaCerts are additional CA certificate files to add to the container |
Example
dagger -m github.com/hampusctl/daggerverse/syft@18e6a8a8022cbfe71dc889541717d260de413395 call \
--repository string --tag stringfunc (m *MyModule) Example(repository string, tag string) *dagger.Syft {
return dag.
Syft(repository, tag)
}@function
def example(repository: str, tag: str, ) -> dagger.Syft:
return (
dag.syft(repository, tag)
)@func()
example(repository: string, tag: string, ): Syft {
return dag
.syft(repository, tag)
}Types
Syft 🔗
Syft provides functionality for generating Software Bill of Materials (SBOM) using Anchore Syft.
container() 🔗
Return Type
Container !Example
dagger -m github.com/hampusctl/daggerverse/syft@18e6a8a8022cbfe71dc889541717d260de413395 call \
--repository string --tag string containerfunc (m *MyModule) Example(repository string, tag string) *dagger.Container {
return dag.
Syft(repository, tag).
Container()
}@function
def example(repository: str, tag: str, ) -> dagger.Container:
return (
dag.syft(repository, tag)
.container()
)@func()
example(repository: string, tag: string, ): Container {
return dag
.syft(repository, tag)
.container()
}scan() 🔗
ScanImage generates an SBOM from a container image and returns it as a file. Supports various image sources like docker:, registry:, oci-archive:, etc.
Return Type
Directory !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| image | Container | - | image is a container image to scan (e.g., "alpine:latest" or "docker:myimage:tag") |
| directory | Directory | - | directory is a directory to scan for SBOM (can be "." for current directory) |
| file | File | - | file is a single file to scan for SBOM |
| outputFormat | String ! | "spdx-json" | outputFormat specifies the SBOM output format. Supported formats: cyclonedx-json, cyclonedx-xml, github-json, purls, spdx-json, spdx-tag-value, syft-json, syft-table, syft-text, template |
| template | File | - | template is the Go template file to use when outputFormat=template |
| scheme | String | - | scheme prefixes the source path (e.g., "docker:SOURCE") |
| extraArgs | [String ! ] | - | extraArgs are additional command-line arguments passed directly to `syft scan` |
Example
dagger -m github.com/hampusctl/daggerverse/syft@18e6a8a8022cbfe71dc889541717d260de413395 call \
--repository string --tag string scan --output-format stringfunc (m *MyModule) Example(repository string, tag string, outputFormat string) *dagger.Directory {
return dag.
Syft(repository, tag).
Scan(outputFormat)
}@function
def example(repository: str, tag: str, output_format: str) -> dagger.Directory:
return (
dag.syft(repository, tag)
.scan(output_format)
)@func()
example(repository: string, tag: string, outputFormat: string): Directory {
return dag
.syft(repository, tag)
.scan(outputFormat)
}