anchore / grype

A vulnerability scanner for container images and filesystems
Apache License 2.0

Scan Directory: Add (git) version #1866

Open lclc opened 1 month ago

lclc commented 1 month ago

What would you like to be added: When I scan code in a directory, I'd like to use the template to also return which version it scanned (I suggest using git describe --tag). This way, it can generate a meaningful report.

Why is this needed:

When scanning images, there is {{.Distro.Version}} for the template. Nothing like this exists for scanning code.

tgerla commented 1 month ago

Hi @lclc, thanks for the issue. We think this idea makes sense. There is a workaround that you could use to inject some arbitrary information into your Grype result right now, using the --name option. For instance, using a subshell to call git:

grype --name `git describe --tags --abbrev=0` . -o json

The value passed in using --name will be accessible in the template using {{ .Descriptor.Configuration.Name }}

Two notes: currently the --name value ends up in Descriptor.Configuration.Name which is not the right place -- it will move to a different path soon, when we fix that bug. We will also be changing --name to --source-name and adding --source-version to match Syft. Once those changes are made, --source-version will probably be the right place to inject this info.

We've got a couple of other issues that we will link to this one--stay tuned!
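The workaround above rendered end to end, as an added example that is not grype's own code: a minimal stand-in for the grype JSON document (a simplified subset of its field names, assumed here), a constructed `-o json` sample whose `descriptor.configuration.name` carries the value injected with `--name`, and a Go text/template of the kind grype accepts with `-o template -t report.tmpl` that prints that version alongside each match. The CVE id and package are placeholders.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"text/template"
)

// Stand-in for grype's JSON document, limited to the fields the template uses;
// the names follow the template paths quoted above (a simplified assumption,
// not grype's own types). encoding/json matches the lowercase keys case-insensitively.
type Document struct {
	Matches []struct {
		Vulnerability struct{ ID string }
		Artifact      struct{ Name, Version string }
	}
	Descriptor struct{ Configuration struct{ Name string } }
}

// Constructed sample of what `grype --name v1.4.2 . -o json` could emit,
// trimmed to the fields used here; the CVE id and package are placeholders.
const sampleJSON = `{"descriptor": {"configuration": {"name": "v1.4.2"}},
  "matches": [{"vulnerability": {"id": "CVE-EXAMPLE-0001"},
               "artifact": {"name": "examplelib", "version": "2.0.1"}}]}`

// Report template in Go text/template syntax, the format grype reads for
// -o template -t report.tmpl; the scanned version is the --name value.
const reportTmpl = `Scanned version: {{ .Descriptor.Configuration.Name }}
{{ range .Matches }}{{ .Vulnerability.ID }} in {{ .Artifact.Name }}@{{ .Artifact.Version }}
{{ end }}`

// RenderReport applies the report template to a grype JSON document.
func RenderReport(raw string) (string, error) {
	var doc Document
	if err := json.Unmarshal([]byte(raw), &doc); err != nil {
		return "", err
	}
	var out bytes.Buffer
	err := template.Must(template.New("report").Parse(reportTmpl)).Execute(&out, doc)
	return out.String(), err
}

func main() {
	report, err := RenderReport(sampleJSON)
	if err != nil {
		panic(err)
	}
	fmt.Print(report)
}
```

Against a real scan, replace the embedded JSON with the file written by the `grype --name ... -o json` command above.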

tgerla commented 1 month ago

Here is a feature request for Syft related to this request: https://github.com/anchore/syft/issues/2898