Detect nix dependencies #3814

@wagoodman

Currently syft only identifies Nix packages by store name based on the path. Ideally we should be able to use dependency information from derivation files to fill out a more complete dependency graph. We also cannot be too dependent on derivation files; we still need to raise up packages we find in the store even if the user has optimized the store for production (nix-store --gc, nix-store --optimize, or with a bundling tool).

Take a look at nix-store --query --requisites for a source of truth for correct output (though I'm not an expert on nix, so any help from domain experts would be welcome!).
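An added example (not syft's code and not part of the issue) of one fallback when derivation files are missing: Nix records a store path's runtime references by scanning its contents for the hashes of other store paths, so a scanner can rebuild edges the same way and walk them to approximate the closure that nix-store --query --requisites reports. The helpers sp, sample, references and requisites are hypothetical, the store contents are constructed, and this goes beyond the issue text by choosing reference scanning as the technique.

```go
package main

import (
	"bytes"
	"fmt"
	"sort"
	"strings"
)

// sp builds a constructed store path "/nix/store/<32-char hash>-<name>".
func sp(c, name string) string { return "/nix/store/" + strings.Repeat(c, 32) + "-" + name }
// sample is constructed data: store path -> bytes found in that path's files.
func sample() map[string][]byte {
	return map[string][]byte{
		sp("a", "hello-2.12.1"):  []byte("interp " + sp("b", "glibc-2.38") + "/lib/ld.so"),
		sp("b", "glibc-2.38"):    []byte("rpath " + sp("c", "libidn2-2.3.4") + "/lib"),
		sp("c", "libidn2-2.3.4"): nil,
		sp("d", "unused-1.0"):    nil, // in the store, referenced by nothing
	}
}

// references records, per store path, the other store paths whose hash occurs in its bytes.
func references(contents map[string][]byte) map[string][]string {
	refs := map[string][]string{}
	for p, data := range contents {
		for other := range contents {
			b := strings.TrimPrefix(other, "/nix/store/")
			if other != p && len(b) > 32 && bytes.Contains(data, []byte(b[:32])) {
				refs[p] = append(refs[p], other)
			}
		}
	}
	return refs
}

// requisites returns root plus every path reachable from it, sorted.
func requisites(refs map[string][]string, root string) []string {
	seen, out := map[string]bool{root: true}, []string{root}
	for i := 0; i < len(out); i++ { // out doubles as the work queue
		for _, r := range refs[out[i]] {
			if !seen[r] {
				seen[r] = true
				out = append(out, r)
			}
		}
	}
	sort.Strings(out)
	return out
}
func main() { fmt.Println(strings.Join(requisites(references(sample()), sp("a", "hello-2.12.1")), "\n")) }
```

The unreferenced path still appears as a package in the store listing; it is only absent from the closure of hello.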

Labels

ecosystem:nix (relating to the NIX / NIXOS ecosystem), enhancement (New feature or request), help-wanted (Extra attention is needed)

Projects

Status

Done
