Scout knows how to analyze things like Go binaries, Java's .jar files, node_modules, etc. However, it also (reasonably) assumes the input is a container image in one of a variety of formats, so you can't really analyze something like a Go binary directly without first packing it up in a tarball and adding a bunch of unnecessary JSON metadata so you can pretend it's an image. It would be really neat if we could pass in a file or a directory that isn't container related, and have it perform similar analysis as it would if the thing passed in existed inside a container image instead. :smile:
This is a very common ask from customers as many of them only have a portion of their apps containerized. I'd say it's worthwhile to have PM consider this further.
Scout knows how to analyze things like Go binaries, Java's
.jar
files,node_modules
, etc. However, it also (reasonably) assumes the input is a container image in one of a variety of formats, so you can't really analyze something like a Go binary directly without first packing it up in a tarball and adding a bunch of unnecessary JSON metadata so you can pretend it's an image. It would be really neat if we could pass in a file or a directory that isn't container related, and have it perform similar analysis as it would if the thing passed in existed inside a container image instead. :smile: