Container Scanning: Uses native container scanner, deprecates old container scanner (#1078), (#1079), (#1080), (#1082).
With this release,
- container scanning analyzes projects for applications (npm, pip, etc) dependencies.
- container scanning can filter specific targets via target exclusions using fossa configuration file.
- fossa-cli's windows binary can perform container scanning.
- container scanned projects will show origin path in FOSSA web UI.
- container scanned projects can target specific architecture via digest.
You can use --only-system-deps
flag to only scan for dependencies from apk, dpkg, dpm. This will mimic behaviour of older FOSSA CLI's container scanning (older than v3.5.0).
Learn more:
If you experience any issues with this release or have questions, please contact FOSSA Support.