Open templier2 opened 1 week ago
Hi @templier2, what type of python packages are you scanning? It looks like today Syft is only able to find licenses from wheel/egg files, and perhaps the license information isn't present in other packaging formats? Could you provide a reproducible case, such as a public docker image we could look at to help understand what's there and let us know what you expect?
Hi, it is a list of libraries from requirements.txt. I suppose that every library has appropriate information about the license at pypi.org (i.e. https://pypi.org/project/rdflib/):
databricks-connect==14.3.2
rdflib==7.0.0
SPARQLWrapper==2.0.0
azure-search-documents==11.4.0
pyspark==3.5.1
lxml==5.2.2
It isn't a docker image, it is just a python application.
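An added illustration of the exchange above (not part of either comment and not Syft's code): the core-metadata file that ships inside a wheel or egg carries `License` and `Classifier` fields, while a requirements.txt line carries only a name and a version pin. The METADATA text and the package name `examplepkg` are constructed; the requirements sample reuses two pins from the list above.

```python
import re
from email.parser import HeaderParser

# Constructed sample of a wheel's *.dist-info/METADATA (values are illustrative).
SAMPLE_METADATA = """\
Metadata-Version: 2.1
Name: examplepkg
Version: 1.0.0
License: BSD-3-Clause
Classifier: Programming Language :: Python :: 3
Classifier: License :: OSI Approved :: BSD License

Long description body goes here.
"""

# Constructed requirements.txt using two pins quoted in the thread.
SAMPLE_REQUIREMENTS = """\
# constructed requirements.txt
rdflib==7.0.0
lxml==5.2.2  # inline comment
"""

def licenses_from_metadata(text):
    """Return (name, version, licenses) from core-metadata text (RFC 822 style headers)."""
    msg = HeaderParser().parsestr(text)
    found = []
    # Free-text License field and the newer License-Expression field.
    for field in ("License-Expression", "License"):
        value = (msg.get(field) or "").strip()
        if value and value.upper() != "UNKNOWN":
            found.append(value)
    # Trove classifiers of the form "License :: ... :: <name>".
    for classifier in msg.get_all("Classifier") or []:
        parts = [p.strip() for p in classifier.split("::")]
        if parts[0] == "License":
            found.append(parts[-1])
    return msg["Name"], msg["Version"], found

def pins_from_requirements(text):
    """Return (name, version) pins; the format has no field that could hold a license."""
    pins = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        match = re.fullmatch(r"([A-Za-z0-9._-]+)==([^\s;]+)", line)
        if match:
            pins.append((match.group(1), match.group(2)))
    return pins

if __name__ == "__main__":
    print(licenses_from_metadata(SAMPLE_METADATA))
    print(pins_from_requirements(SAMPLE_REQUIREMENTS))
```

For an SBOM with license data from a source tree like this, the packages would need to be installed (for example into a virtual environment) so that their dist-info or egg-info metadata is present on disk.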
What happened: syft shows python packages, but doesn't collect licenses.
What you expected to happen: I want to see licenses for packages
Steps to reproduce the issue: I run anchore_syft packages . -o cyclonedx-xml=bom.xml
Anything else we need to know?: unsure
Environment:
- syft version:
- OS (cat /etc/os-release or similar):