sbom/scan commands: synthesized apk package should include file data #355
Labels
enhancement
New feature or request
needs-triage
applied to all new customer/user issues. Removed after triage occurs.
Description
Syft/Grype have a new configuration option
ExcludeBinaryOverlapByOwnership
, which removes "binary packages" from the SBOM when the binary is claimed by the distro package.To produce results with parody to Syft and Grype, the synthesized APK package created in wolfictl's
sbom.Generate
function should account for the APK's included files, in a manner consistent with the data recorded in an APK installed DB, which will enable theExcludeBinaryOverlapByOwnership
config option to have the same effect in wolfictl's output.The text was updated successfully, but these errors were encountered: