anchore / syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems
Apache License 2.0

Is there any feature to download/list the following details. #2002

Closed parvjain639 closed 1 year ago

parvjain639 commented 1 year ago

How to get license details in tabular form? Or is there any template example which shows the following items in a list: Package Name, Package Version, Package Type, Copyright Detail, License Detail?

tgerla commented 1 year ago

Hi @parvjain639, this should be possible using a custom template: https://github.com/anchore/syft#using-templates. There is a new blog post about templates (in Grype, but the concepts are similar) if you need a bit more info: https://anchore.com/blog/customizing-grype-vulnerability-reports-with-templates/ -- and please let us know if you need any help.
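A template of the kind linked above, added here as an illustration rather than taken from the syft project or from this thread. It emits one CSV row per package with the fields the syft JSON document exposes directly (name, version, type, license values and SPDX expression); the syft document has no general per-package copyright field, so that column is left out. The file name `license-table.tmpl` is an assumption.

```gotemplate
{{/* Assumed usage: syft <image-or-dir> -o template -t license-table.tmpl */}}
{{/* Header row, then one row per package in the SBOM */}}
"Package Name","Package Version","Package Type","License Detail"
{{- range .Artifacts}}
"{{.Name}}","{{.Version}}","{{.Type}}","
{{- /* packages with no detected license get an explicit marker instead of an empty cell */}}
{{- if not .Licenses}}(none){{- end}}
{{- /* several licenses are joined with "; "; the SPDX expression is shown when syft resolved one */}}
{{- range $i, $l := .Licenses}}{{if $i}}; {{end}}{{$l.Value}}{{with $l.SPDXExpression}} ({{.}}){{end}}{{end}}"
{{- end}}
```

The `-o template -t <file>` flags select the template output format; the same template also works with `-o template=<path>` style redirection if you want the table written to a file.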

parvjain639 commented 1 year ago

Thank you so much we have just solved it by using a Template...

Please clear our one more Query:

  1. Do Syft and Grype have open source license file keyword scanners to facilitate obligations compliance? Having a tool to scan OSS component license files for keywords such as

IP: patents, royalties, legal; ECC: export, cryptography, AI, newtech; GDPR: privacy, regulations, chatgpt; OSS: attribution, contribution, distribution, would streamline obligations compliance.

tgerla commented 1 year ago

At the moment, no, the tools don't have keyword scanners like you suggest. It might be difficult to automate these kinds of things, but we would be happy to consider contributions if you implemented a new scanner.

parvjain639 commented 1 year ago

Thank you so much for your response. We will see what we can contribute!!

I am having one more doubt! How to integrate SYFT and GRYPE with GITLAB 16?

tgerla commented 1 year ago

You're welcome! For Gitlab integration, I would start here and read through the Gitlab docs: https://docs.gitlab.com/ee/development/integrations/secure.html

Good luck!

wagoodman commented 1 year ago

When it comes to a keyword search within license text, that is really outside of the intended use case for syft (which is to create SBOMs). However, we don't support raising up the raw license text in the SBOM, which would at least enable downstream tooling to do this (and is supported in SPDX and CycloneDX).

If we supported such a feature (getting full license text in the SBOM) would that be useful to you?

parvjain639 commented 1 year ago

> If we supported such a feature (getting full license text in the SBOM) would that be useful to you?

Yes, this will be very helpful to us. And what about dependencies and depth (level) of dependencies?

If you can add this feature, this will be also very helpful for us and other users too.

wagoodman commented 1 year ago

Indeed! That work is being tracked under https://github.com/anchore/syft/issues/572

tgerla commented 1 year ago

We will close this issue but please let us know if you need any more help. Thanks!