Improve container scanning.
oliverchang opened this issue · comments
Currently the focus of OSV-Scanner is on lockfiles, with preliminary support for Debian container scanning.
We will extend this to better container scanning as well:
- Better package extraction from container images .
- Filesystem scanning.
- More distro support.
This would be amazing! Really appreciate what you're doing here :)
A few questions, out of curiosity:
- Is there currently work planned for Debian container scanning? (I imagine this would align well with gLinux scanning work, so I'm hoping yes.)
- Has work been planned for other distros, and if so, which?
- What other distros do you realistically see this getting extended to?