What would you like to be added:
Currently syft & grype look for certain locations for finding the container images. It works fine if the container image is built either via docker or podman as the images they build reside in certain locations and those are part of the supported sources here.
Images built using buildah though reside in different location (usually containers-storage) and when scanning using syft, it scans the remote image instead of the locally built image.
Why is this needed:
Need to add support for scanning images built using non-daemonize tool like buildah. Add a new source where syft can look for when scanning image locally before checking OciRegistry.
Additional context:
What would you like to be added:
Currently syft & grype look for certain locations for finding the container images. It works fine if the container image is built either via
dockerorpodmanas the images they build reside in certain locations and those are part of the supported sources here.Images built using buildah though reside in different location (usually
containers-storage) and when scanning using syft, it scans the remote image instead of the locally built image.Why is this needed:
Need to add support for scanning images built using non-daemonize tool like
buildah. Add a new source where syft can look for when scanning image locally before checking OciRegistry.Additional context: