Open Dentrax opened 1 year ago
Hi @Dentrax, thanks for the suggestion. Some related issues might include: https://github.com/anchore/syft/issues/1379 and https://github.com/anchore/syft/issues/246
We would be happy to take a look at a pull request to add this support, if anyone in the community would like to tackle it. There is a Go library for ISO9660 images here: https://github.com/kdomanski/iso9660
I'll move this issue to the Syft project where this work will need to be done.
What would you like to be added:
If the given file is compressed or an ISO, try to export all of the compressed files recursively to scan.
Why is this needed:
My use case was to scan a Lima image, as you can find here:
But Grype returns a "No vulnerabilities found" error. But the ISO contains lots of tar files; if we recursively export all of the compressed files, Grype is able to find the vulnerabilities as expected:
Now Grype is able to find the packages and vulnerabilities.
Since ISO files are not actually compressed data, Grype could try to force uncompressing the given file regardless of its type.
What would be the most effective way to handle this kind of case?
Additional context: As the context of Grype already clearly mentions, "vulnerability scanner FOR container images and filesystems", the goal here is not to add support for ISO files, since it could be out of context for what this tool is designed for.
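
The recursive unpacking requested in this issue, as an added example that is not code from the issue, Grype or Syft: it covers only tar archives nested inside a tar stream, read with the Go standard library. The names `walk` and `maxDepth`, the limit value and the `!/` separator in reported paths are assumptions made here.

```go
package main

import (
	"archive/tar"
	"fmt"
	"io"
	"os"
	"path"
)

const maxDepth = 3 // assumed nesting limit; bounds recursion on hostile input

// walk lists the regular files in a tar stream, descending into nested .tar
// entries (reported as outer.tar!/inner) so a scanner sees what is inside them.
func walk(r io.Reader, prefix string, depth int) ([]string, error) {
	if depth > maxDepth {
		return nil, fmt.Errorf("nesting deeper than %d at %q", maxDepth, prefix)
	}
	var found []string
	for tr := tar.NewReader(r); ; {
		h, err := tr.Next()
		if err == io.EOF {
			return found, nil
		} else if err != nil {
			return nil, fmt.Errorf("reading %q: %w", prefix, err)
		}
		full := prefix + path.Clean("/" + h.Name)[1:] // normalise, dropping any "../"
		switch {
		case h.Typeflag != tar.TypeReg:
			// links, devices and directories hold nothing to scan
		case path.Ext(full) != ".tar":
			found = append(found, full)
		default:
			// tr yields only this entry's bytes, so the nested archive is
			// streamed in place without being written to disk or buffered.
			inner, err := walk(tr, full+"!/", depth+1)
			if err != nil {
				return nil, err
			}
			found = append(found, inner...)
		}
	}
}

func main() { // usage: go run walk.go < image.tar
	fmt.Println(walk(os.Stdin, "", 0))
}
```

For an archive holding `README` and `rootfs.tar`, where the inner archive holds `./lib/apk/db/installed`, it reports `README` and `rootfs.tar!/lib/apk/db/installed`. An entry named `*.tar` that is not a valid tar makes the whole walk return an error instead of being skipped.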