Forks in use

This is a list of forks of original projects that have been incorporated into syft. This tends to happen when there is some new functionality that we need upstream that we can't adapt easily in the codebase in syft. Usually a PR is opened upstream and in the meantime the fork is used in syft. We try not to get into this state, but when we do we should track which dependencies we are using that are in this state. 

Ultimately the goal is to stop using these forks. This can be done a few different ways:
1. Try and get the upstream PR merged and remove any usage of the fork from syft
2. Find an alternative library to use

## Forks

- [ ] https://github.com/kastenhq/goversion introduced in https://github.com/anchore/syft/pull/2021 which incorporates the upstream PR https://github.com/rsc/goversion/pull/25
- [ ] https://github.com/anchore/go-version which incorporates several PRs from upstream
- [ ] https://github.com/anchore/packageurl-go - Upstream was not very active, but seems to be much more so now - we should probably re-evaluate what differences exist between ours and theirs.
- [ ] https://github.com/anchore/archiver which incorporates a fix for [CVE-2024-0406](https://nvd.nist.gov/vuln/detail/CVE-2024-0406).
- [ ] https://github.com/anchore/go-homedir since the upstream has been archived
- [ ] https://github.com/anchore/go-rpmdb while https://github.com/knqyf263/go-rpmdb/pull/58 is in review

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Forks in use #2056

Forks

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Forks in use #2056

Description

Forks

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions