Provide default sets of extractors for scanning in container vs source context #352

Open
oliverchang opened this issue Dec 17, 2024 · 1 comment

@oliverchang
Collaborator

Currently, OSV-SCALIBR doesn't provide any defaults / distinction for the sets of extractors to enable in source vs container context.

For example, if all extractors were enabled, we'd potentially get false positive matches when scanning a container because we'd pick up source manifest files (e.g. package-lock.json) that aren't actually installed.

We should provide an easy way for users to select which context they're running in and the set of extractors that apply to that context.

@oliverchang oliverchang added the enhancement New feature or request label Dec 17, 2024
@oliverchang
Collaborator Author

@another-rex @erikvarga
