Open lclc opened 1 month ago
Hi @lclc, thanks for the issue. We think this idea makes sense. There is a workaround that you could use to inject some arbitrary information into your Grype result right now, using the --name option. For instance, using a subshell to call git:
grype --name `git describe --tags --abbrev=0` . -o json
The value passed in using --name will be accessible in the template using {{ .Descriptor.Configuration.Name }}
Two notes: currently the --name value ends up in Descriptor.Configuration.Name which is not the right place -- it will move to a different path soon, when we fix that bug. We will also be changing --name to --source-name and adding --source-version to match Syft. Once those changes are made, --source-version will probably be the right place to inject this info.
We've got a couple of other issues that we will link to this one--stay tuned!
Here is a feature request for Syft related to this request: https://github.com/anchore/syft/issues/2898
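The workaround from the comment above as a wrapper script. This is an added example, not part of the original thread or Grype's own code; the function names `sanitize_label`, `scan_label` and `scan_dir` and the `unversioned` fallback are hypothetical. It covers the case where `git describe` prints nothing (no tags, or not a git checkout), which with an unquoted substitution would make `--name` consume the scan target as its value.

```shell
#!/bin/sh
# Added example (not from the thread): build the value for `grype --name`
# from git, with a fallback and with quoting.

# Tag names come from the repository being scanned, so treat them as
# untrusted before they reach a report template: keep a conservative
# character set and replace everything else with "_".
sanitize_label() {
    printf '%s\n' "$1" | LC_ALL=C tr -c 'A-Za-z0-9._+/\n-' '_'
}

# scan_label DIR: nearest tag, else short commit hash, else "unversioned".
scan_label() {
    sl_dir=${1:-.}
    sl_label=$(git -C "$sl_dir" describe --tags --abbrev=0 2>/dev/null) ||
        sl_label=$(git -C "$sl_dir" rev-parse --short HEAD 2>/dev/null) ||
        sl_label=
    sanitize_label "${sl_label:-unversioned}"
}

# scan_dir DIR: same flags as the command in the thread. The substitution is
# quoted, so --name always receives exactly one non-empty argument.
scan_dir() {
    sd_dir=${1:-.}
    grype --name "$(scan_label "$sd_dir")" "$sd_dir" -o json
}
```

Source the file and run `scan_dir .`; the label is then available to the template as `{{ .Descriptor.Configuration.Name }}`, as described in the comment above.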
What would you like to be added:
When I scan code in a directory, I'd like to use the template to also return which version it scanned (I suggest using git describe --tag). This way, it can generate a meaningful report.
Why is this needed:
When scanning images, there is {{.Distro.Version}} for the template. Nothing like this exists for scanning code.