I see the function in question is called here, how does this work when scanning a non-Windows image on Windows?

ooh, good though. I put a breakpoint on NewMetadataFromPath and ran a scan on "alpine:3.19" (soft.GetSource(context.Background(), "alpine:3.19", nil) and it never gets hit. the Metadata stuff is in the file sub package. I imagine an image uses the image sub package.

Maybe I am missing something though. Is there a way to scan a container like a normal file system.

However, this is duplicating what syft does, so if there is a problem where you can scan a linux image fs, even thought the scanner is on windows, that might be a problem for syft as well

I assume this function isn't being used in the image cases, we'll just need to do some due diligence to make sure. A couple things stereoscope does is scans OCI directories and saved images. If you do a docker save, the resulting file should be able to be scanned with Syft using file:, but stereoscope will provide the functionality. Similarly if the image is extracted to an OCI dir. I don't remember offhand how to get these -- some skopeo command, I assume. Ultimately these both are scanning extracted tar files, though, not the filesystem.

If there aren't any stereoscope functions actually calling this, we should probably move the function to Syft with the Windows fix.

I did a search in skopeo for NewMetadataFromPath and nothing came up. Searching in anchore it only seems to be used for this one part of syft, and a test in stereoscope.

so maybe it should be moved out, and fixed. maybe I am missing something though.

I dont think this code can get called from cross OS, or OS to container.

If you give the go ahead, I can change this PR to just remove the functions and testing, then make a PR on syft to handle it internally. Not sure how to do that properly, since they are different packages on different versions

There is almost assuredly a reason it's here. The only other thing I can think of is singularity images. Let me ask the team and get back to you, I think this at least illustrates the issue. Thanks very much for working on it!

Sorry for the delay @JoeyShapiro; after talking with folks on the team, I think the best thing is to close this PR and copy this function to Syft, with the required changes to support Windows properly, along with test to cover the functionality (existing tests here, and new tests that will run on windows). (I'm going to start migrating our build tooling so we can support Windows as a first-class citizen in our CI environment. I've already made a lot of progress on this, my own unique way, but Syft has a lot of scripting to deal with, it would be great to have a head start to prevent regressions.)

alright sounds good. I'll close this issue, and make a PR to put it all in syft. I guess I will leave it to you and your team to delete the functions in stereoscope when you see fit.