anchore · wagoodman · Dec 9, 2025 · Dec 9, 2025 · Dec 9, 2025 · Dec 10, 2025
diff --git a/cmd/syft/internal/options/catalog.go b/cmd/syft/internal/options/catalog.go
@@ -16,8 +16,6 @@ import (
 	"github.com/anchore/syft/syft/cataloging"
 	"github.com/anchore/syft/syft/cataloging/filecataloging"
 	"github.com/anchore/syft/syft/cataloging/pkgcataloging"
-	"github.com/anchore/syft/syft/file/cataloger/executable"
-	"github.com/anchore/syft/syft/file/cataloger/filecontent"
 	"github.com/anchore/syft/syft/pkg/cataloger/binary"
 	"github.com/anchore/syft/syft/pkg/cataloger/dotnet"
 	"github.com/anchore/syft/syft/pkg/cataloger/golang"
@@ -142,18 +140,21 @@ func (cfg Catalog) ToFilesConfig() filecataloging.Config {
 		log.WithFields("error", err).Warn("unable to configure file hashers")
 	}
 
-	return filecataloging.Config{
-		Selection: cfg.File.Metadata.Selection,
-		Hashers:   hashers,
-		Content: filecontent.Config{
-			Globs:              cfg.File.Content.Globs,
-			SkipFilesAboveSize: cfg.File.Content.SkipFilesAboveSize,
-		},
-		Executable: executable.Config{
-			MIMETypes: executable.DefaultConfig().MIMETypes,
-			Globs:     cfg.File.Executable.Globs,
-		},
-	}
+	c := filecataloging.DefaultConfig()
+	c.Selection = cfg.File.Metadata.Selection
+	c.Hashers = hashers
+	c.Content.Globs = cfg.File.Content.Globs
+	c.Content.SkipFilesAboveSize = cfg.File.Content.SkipFilesAboveSize
+	c.Executable.Globs = cfg.File.Executable.Globs
+
+	// symbol capture configuration
+	c.Executable.Symbols.CaptureScope = cfg.File.Executable.Symbols.CaptureScope
+	c.Executable.Symbols.Types = cfg.File.Executable.Symbols.Types
+	c.Executable.Symbols.Go.StandardLibrary = cfg.File.Executable.Symbols.Go.StandardLibrary
+	c.Executable.Symbols.Go.ExtendedStandardLibrary = cfg.File.Executable.Symbols.Go.ExtendedStandardLibrary
+	c.Executable.Symbols.Go.ThirdPartyModules = cfg.File.Executable.Symbols.Go.ThirdPartyModules
+
+	return c
 }
 
 func (cfg Catalog) ToLicenseConfig() cataloging.LicenseConfig {
@@ -303,6 +304,11 @@ func (cfg *Catalog) PostLoad() error {
 		return fmt.Errorf("cannot enable exclude-binary-overlap-by-ownership without enabling package-file-ownership-overlap")
 	}
 
+	// validate file executable options
+	if err := cfg.ToFilesConfig().Executable.Validate(); err != nil {
+		return fmt.Errorf("invalid file executable configuration: %w", err)
+	}
+
 	return nil
 }
 

diff --git a/cmd/syft/internal/options/file.go b/cmd/syft/internal/options/file.go
@@ -9,6 +9,7 @@ import (
 	"github.com/anchore/clio"
 	intFile "github.com/anchore/syft/internal/file"
 	"github.com/anchore/syft/syft/file"
+	"github.com/anchore/syft/syft/file/cataloger/executable"
 )
 
 type fileConfig struct {
@@ -28,11 +29,27 @@ type fileContent struct {
 }
 
 type fileExecutable struct {
-	Globs []string `yaml:"globs" json:"globs" mapstructure:"globs"`
+	Globs   []string         `yaml:"globs" json:"globs" mapstructure:"globs"`
+	Symbols fileSymbolConfig `yaml:"symbols" json:"symbols" mapstructure:"symbols"`
+}
+
+type fileSymbolConfig struct {
+	CaptureScope []executable.SymbolCaptureScope `yaml:"capture" json:"capture" mapstructure:"capture"`
+	Types        []string                        `yaml:"types" json:"types" mapstructure:"types"`
+	Go           fileGoSymbolConfig              `yaml:"go" json:"go" mapstructure:"go"`
+}
+
+type fileGoSymbolConfig struct {
+	StandardLibrary         bool `yaml:"standard-library" json:"standard-library" mapstructure:"standard-library"`
+	ExtendedStandardLibrary bool `yaml:"extended-standard-library" json:"extended-standard-library" mapstructure:"extended-standard-library"`
+	ThirdPartyModules       bool `yaml:"third-party-modules" json:"third-party-modules" mapstructure:"third-party-modules"`
 }
 
 func defaultFileConfig() fileConfig {
-	return fileConfig{
+	api := executable.DefaultConfig()
+
+	// start with API defaults and override CLI-specific values
+	cfg := fileConfig{
 		Metadata: fileMetadata{
 			Selection: file.FilesOwnedByPackageSelection,
 			Digests:   []string{"sha1", "sha256"},
@@ -41,9 +58,19 @@ func defaultFileConfig() fileConfig {
 			SkipFilesAboveSize: 250 * intFile.KB,
 		},
 		Executable: fileExecutable{
-			Globs: nil,
+			Globs: api.Globs,
+			Symbols: fileSymbolConfig{
+				CaptureScope: api.Symbols.CaptureScope,
+				Types:        api.Symbols.Types,
+				Go: fileGoSymbolConfig{
+					StandardLibrary:         api.Symbols.Go.StandardLibrary,
+					ExtendedStandardLibrary: api.Symbols.Go.ExtendedStandardLibrary,
+					ThirdPartyModules:       api.Symbols.Go.ThirdPartyModules,
+				},
+			},
 		},
 	}
+	return cfg
 }
 
 var _ interface {
@@ -64,7 +91,7 @@ func (c *fileConfig) PostLoad() error {
 }
 
 func (c *fileConfig) DescribeFields(descriptions clio.FieldDescriptionSet) {
-	descriptions.Add(&c.Metadata.Selection, `select which files should be captured by the file-metadata cataloger and included in the SBOM. 
+	descriptions.Add(&c.Metadata.Selection, `select which files should be captured by the file-metadata cataloger and included in the SBOM.
 Options include:
  - "all": capture all files from the search space
  - "owned-by-package": capture only files owned by packages
@@ -75,4 +102,13 @@ Options include:
 	descriptions.Add(&c.Content.Globs, `file globs for the cataloger to match on`)
 
 	descriptions.Add(&c.Executable.Globs, `file globs for the cataloger to match on`)
+
+	// symbol capture configuration
+	descriptions.Add(&c.Executable.Symbols.CaptureScope, `the scope of symbols to capture from executables (options: "golang")`)
+	descriptions.Add(&c.Executable.Symbols.Types, `the types of symbols to capture, relative to "go tool nm" output (options: "T", "t", "R", "r", "D", "d", "B", "b", "C", "U")`)
+
+	// go symbol configuration
+	descriptions.Add(&c.Executable.Symbols.Go.StandardLibrary, `capture Go standard library symbols (e.g. "fmt", "net/http")`)
+	descriptions.Add(&c.Executable.Symbols.Go.ExtendedStandardLibrary, `capture extended Go standard library symbols (e.g. "golang.org/x/net")`)
+	descriptions.Add(&c.Executable.Symbols.Go.ThirdPartyModules, `capture third-party module symbols (e.g. "github.com/spf13/cobra")`)
 }
diff --git a/internal/constants.go b/internal/constants.go
@@ -3,10 +3,12 @@ package internal
 const (
 	// JSONSchemaVersion is the current schema version output by the JSON encoder
 	// This is roughly following the "SchemaVer" guidelines for versioning the JSON schema. Please see schema/json/README.md for details on how to increment.
-	JSONSchemaVersion = "16.1.2"
+	JSONSchemaVersion = "16.1.3"
 
 	// Changelog
 	// 16.1.0 - reformulated the python pdm fields (added "URL" and removed the unused "path" field).
 	// 16.1.1 - correct elf package osCpe field according to the document of systemd (also add appCpe field)
+	// 16.1.2 - add DotnetDepsEntry.type package metadata field
+	// 16.1.3 - add file executable toolchain and symbol information
 
 )