The ability to extract the contents of the license file (LICENSE.txt) itself about syft HOT 3 OPEN

Hi @DatGameh, thanks for the request. This sounds like a reasonable feature (that would probably be disabled by default). Is it something you're interested in working on yourself? We would be happy to give you some pointers. In any case, we will put this in the backlog for the future.

from syft.

Thank you for considering my request @tgerla !
As far as contributions go... I'm curious to know what pointers you have in mind!

I've never made contributions to OSS, and I'm currently discussing if the requirement is really necessary.
But if I do get the chance to contribute, I'd like to know what ideas you have for this.

Edit:
Reading the code, I found the functions responsible for getting the licenses.
If I were to make code changes, would it be done here?

from syft.

That section you linked is just for golang. Each ecosystem has different mechanisms (some undefined) for how to search for and associate licenses to discovered packages.

Enhancing the license struct

The first enhancement would likely be here:

This is the core license model shared among syft packages. It currently does not have a field for LicenseText as Value and SPDXExpression are used as the current identifying fields.

Value is used when the identified license is found to NOT be a valid SPDX Expression.

Making it configurable

Including the full license text is not something we want as a default behavior so it should be turned off for all default runs of syft. Users should be given the option via configuration to toggle this feature on.

Which ecosystem

Given your issue said you need to extract licenses from software in a docker image I imagine multiple ecosystems are required. This directory structure is a rough list of the different cataloger(ecosystem/specifications) that syft supports:
https://github.com/anchore/syft/tree/main/syft/pkg/cataloger

from syft.