anchore / grype

A vulnerability scanner for container images and filesystems
Apache License 2.0
8.17k stars, 528 forks

Grype should respect `--source-name` and `--source-version` as Syft does #1882

Open willmurphyscode opened 1 month ago

willmurphyscode commented 1 month ago

What happened:

In Syft, it's possible to specify `--source-name` and `--source-version` to add user-provided name and version of the artifact/directory being scanned to the SBOM. However, Grype doesn't accept these flags today. (It accepts `--name`, but that isn't wired up correctly to reach the output.)

What you expected to happen:

Running something like `grype --source-version 1.2.3 --source-name my-project dir:.` should put the appropriate version and name under the Source node in the resulting output.

How to reproduce it (as minimally and precisely as possible):

`grype --source-version 1.2.3 --source-name my-proj dir:.` fails because the flags aren't recognized.

Anything else we need to know?:

Would provide a nicer workaround to https://github.com/anchore/grype/issues/1866.

Environment: