Some questions regarding the Syft code #3573
Labels
changelog-ignore
Don't include this issue in the release changelog
question
Further information is requested
Comments
|
@PatrickStarBaby did you answer your own question and file the issue here: If so can I close this one in favor of #3589 or is there some nuance I am missing as to why these two are separate? |
|
Of course |
|
Closing in favor of #3589 - I'll get an answer written up on there. Apologies for the delay on this! |
kzantow
added
question
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello, I have some questions regarding the Syft code that I'd like to ask. In pkg/cataloger/debian/dependency.go and pkg/cataloger/redhat/dependency.go, after retrieving Requires, how are the dependencies resolved from require to specific Linux software packages? For example, in Fedora, when analyzing the dependency list of a binary package, it might include /bin/sh and libc.so.6(GLIBC_2.38)(64bit). How are these dependencies eventually resolved into a concrete package list (e.g., bash and glibc)? Thank you!
The text was updated successfully, but these errors were encountered: