(tooling-trusted-releases) branch main updated: Use the script method to install syft

Mon, 15 Dec 2025 07:19:24 -0800 

This is an automated email from the ASF dual-hosted git repository.

sbp pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git


The following commit(s) were added to refs/heads/main by this push:
     new a9ebf7a  Use the script method to install syft
a9ebf7a is described below

commit a9ebf7a097d9fb374acf0638027d32f6ad44166f
Author: Sean B. Palmer <[email protected]>
AuthorDate: Mon Dec 15 15:18:52 2025 +0000

    Use the script method to install syft
---
 Dockerfile.alpine | 6 ++++--
 Dockerfile.ubuntu | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/Dockerfile.alpine b/Dockerfile.alpine
index 0e15417..8b44eb3 100644
--- a/Dockerfile.alpine
+++ b/Dockerfile.alpine
@@ -58,8 +58,10 @@ RUN [ -f apache-rat-${RAT_VERSION}.jar ] || mv $(find . 
-maxdepth 1 -type f -nam
 RUN mv apache-rat-${RAT_VERSION}.jar /opt/tools
 
 # WORKDIR /var/run
-ENV SYFT_VERSION=1.38.2
-RUN GOPATH=/usr/local go install 
github.com/anchore/syft/cmd/syft@v${SYFT_VERSION}
+# ENV SYFT_VERSION=1.38.2
+# RUN GOPATH=/usr/local go install 
github.com/anchore/syft/cmd/syft@v${SYFT_VERSION}
+# TODO: This is much faster than the above, but we should figure out how to 
pin the binaries
+RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh 
| sh -s -- -b /usr/local/bin
 ENV PARLAY_VERSION=0.9.0
 RUN GOPATH=/usr/local go install github.com/snyk/parlay@v${PARLAY_VERSION}
 ENV SBOMQS_VERSION=1.1.0
diff --git a/Dockerfile.ubuntu b/Dockerfile.ubuntu
index bb4cd8b..eb449b0 100644
--- a/Dockerfile.ubuntu
+++ b/Dockerfile.ubuntu
@@ -70,8 +70,10 @@ RUN [ -f apache-rat-${RAT_VERSION}.jar ] || mv $(find . 
-maxdepth 1 -type f -nam
 RUN mv apache-rat-${RAT_VERSION}.jar /opt/tools
 
 # WORKDIR /var/run
-ENV SYFT_VERSION=1.38.2
-RUN GOPATH=/usr/local go install 
github.com/anchore/syft/cmd/syft@v${SYFT_VERSION}
+# ENV SYFT_VERSION=1.38.2
+# RUN GOPATH=/usr/local go install 
github.com/anchore/syft/cmd/syft@v${SYFT_VERSION}
+# TODO: This is much faster than the above, but we should figure out how to 
pin the binaries
+RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh 
| sh -s -- -b /usr/local/bin
 ENV PARLAY_VERSION=0.9.0
 RUN GOPATH=/usr/local go install github.com/snyk/parlay@v${PARLAY_VERSION}
 ENV SBOMQS_VERSION=1.1.0


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to