integrate syft go-module detection with engine

anchore / anchore-engine

A service that analyzes docker images and scans for vulnerabilities

Apache License 2.0

1.57k stars 273 forks source link

integrate syft go-module detection with engine #1361

Closed westonsteimel closed 2 years ago

westonsteimel commented 2 years ago

The version of syft bundled with anchore-engine already supports extracting Go module dependencies from go binaries; however, this information is currently filtered out by anchore-engine. This PR provides the necessary mappings to support go-modules within anchore-engine.

westonsteimel commented 2 years ago

We might also be able to remove https://github.com/anchore/anchore-engine/blob/master/anchore_engine/analyzers/modules/32_golang_packages.py, but I wasn't completely sure

subecho commented 2 years ago

We might also be able to remove https://github.com/anchore/anchore-engine/blob/master/anchore_engine/analyzers/modules/32_golang_packages.py, but I wasn't completely sure

We can try to remove it in another PR and see if anything breaks!