There are several polish-related reasons why it makes sense to use syft as a library instead of shelling out --this PR makes the necessary updates.
Note: this PR still pins syft to an unreleased version from a branch: https://github.com/anchore/syft/pull/864 . Don't merge this until we are using a released version of syft (validate with make validate-syft-release-version).
There are several polish-related reasons why it makes sense to use syft as a library instead of shelling out --this PR makes the necessary updates.
Note: this PR still pins syft to an unreleased version from a branch: https://github.com/anchore/syft/pull/864 . Don't merge this until we are using a released version of syft (validate with
make validate-syft-release-version
).