kubernetes-sigs / bom

A utility to generate SPDX-compliant Bill of Materials manifests

Home Page: https://kubernetes-sigs.github.io/bom/

info? compare and contrast this project vis-à-vis anchore/syft

rchincha opened this issue · comments

Trying to understand what the core differences are wrt https://github.com/anchore/syft
For example, is this project specific to k8s only?

Also, would you consider accepting PRs to make these values command-line params:
https://github.com/kubernetes-sigs/bom/blob/main/pkg/spdx/document.go#L175
since the creator could be org-specific.

Hello, @rchincha. Thanks for the issue and the question. I will try to answer.

This project started around the same timeframe as the other one. We built it to integrate, in the first place, with the k8s release process, but after that, for any kind of Go project (for now, it focuses on Go applications), and it uses the guidelines defined by the SPDX working group.
But this is not only for K8s projects. You can use it in your project.

And you can open a PR; I will be happy to review it.

Hope that clarifies your question.

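To make concrete what an org-specific creator value means at the SPDX level, here is an added, self-contained Go illustration (not code from kubernetes-sigs/bom, and not its `pkg/spdx` API) of the creation-information section of an SPDX 2.x tag-value document. It validates a `Kind: Name` string of the form a hypothetical `--creator` flag would carry (the SPDX spec allows only `Person`, `Organization` and `Tool`), then renders the header with the creators and a UTC timestamp. The document name, namespace, organization and tool version in `ExampleDocument` are constructed sample values.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
)

// Creator is one SPDX 2.x "Creator:" entry. The specification permits
// exactly three kinds: Person, Organization and Tool.
type Creator struct {
	Kind string // "Person", "Organization" or "Tool"
	Name string // free text, e.g. "Example Corp" or "bom-0.0.0-example"
}

// ParseCreator validates a "Kind: Name" string such as one passed on the
// command line (hypothetical --creator flag; not an option bom documents).
func ParseCreator(s string) (Creator, error) {
	kind, name, ok := strings.Cut(s, ":")
	if !ok {
		return Creator{}, fmt.Errorf("creator %q: expected \"Kind: Name\"", s)
	}
	kind, name = strings.TrimSpace(kind), strings.TrimSpace(name)
	switch kind {
	case "Person", "Organization", "Tool":
	default:
		return Creator{}, fmt.Errorf("creator %q: kind must be Person, Organization or Tool", s)
	}
	if name == "" {
		return Creator{}, fmt.Errorf("creator %q: empty name", s)
	}
	return Creator{Kind: kind, Name: name}, nil
}

// CreationInfo holds the mandatory fields of the SPDX document creation
// information section.
type CreationInfo struct {
	Name      string
	Namespace string // must be a unique absolute URI per the spec
	Creators  []Creator
	Created   time.Time
}

// RenderTagValue emits the section in SPDX tag-value syntax. The spec
// requires at least one Creator and an ISO 8601 UTC timestamp, which the
// fixed layout below guarantees.
func (c CreationInfo) RenderTagValue() (string, error) {
	if c.Name == "" || c.Namespace == "" {
		return "", errors.New("DocumentName and DocumentNamespace are mandatory")
	}
	if len(c.Creators) == 0 {
		return "", errors.New("SPDX requires at least one Creator")
	}
	var b strings.Builder
	b.WriteString("SPDXVersion: SPDX-2.3\n")
	b.WriteString("DataLicense: CC0-1.0\n")
	b.WriteString("SPDXID: SPDXRef-DOCUMENT\n")
	fmt.Fprintf(&b, "DocumentName: %s\n", c.Name)
	fmt.Fprintf(&b, "DocumentNamespace: %s\n", c.Namespace)
	for _, cr := range c.Creators {
		fmt.Fprintf(&b, "Creator: %s: %s\n", cr.Kind, cr.Name)
	}
	fmt.Fprintf(&b, "Created: %s\n", c.Created.UTC().Format("2006-01-02T15:04:05Z"))
	return b.String(), nil
}

// ExampleDocument builds the header for a constructed sample: an
// organization-specific creator supplied as a flag value plus the tool entry
// a generator would always add for itself (hypothetical version string).
func ExampleDocument() (string, error) {
	org, err := ParseCreator("Organization: Example Corp")
	if err != nil {
		return "", err
	}
	info := CreationInfo{
		Name:      "example-app",
		Namespace: "https://sbom.example.com/example-app-1.0.0",
		Creators:  []Creator{org, {Kind: "Tool", Name: "bom-0.0.0-example"}},
		Created:   time.Date(2024, 1, 2, 3, 4, 5, 0, time.UTC),
	}
	return info.RenderTagValue()
}

func main() {
	out, err := ExampleDocument()
	if err != nil {
		panic(err)
	}
	fmt.Print(out)
}
```

Rejecting unknown creator kinds at the flag boundary matters because downstream SPDX validators treat a malformed `Creator:` line as an invalid document, so the error surfaces at generation time rather than in a consumer's pipeline.
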
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale