Open kzantow opened 2 years ago
From refinement:
After a talk with @kzantow I learned this issue was made to allow the generation of syft json AND spdx files, the former meant for vulnerability scanning, the latter for publishing purposes. But currently vuln scanning can ingest either format, so the two files aren't required. The use case where multiple outputs may be relevant, for SBOM action and CLI, is to generate a file while also printing SBOM as a table -- the table here is a visual helper to whoever ran the tool.
Depends on https://github.com/anchore/syft/issues/563
There is currently no support in Syft for this, but it can be accomplished by executing multiple times. This is less than ideal, as scans have the potential to be slow. Once Syft has some support, we can look at adding this to sbom-action. See: