add file-metadata config options to docs

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Makefile

@@ -18,7 +18,7 @@ SUCCESS := $(BOLD)$(GREEN)
 COVERAGE_THRESHOLD := 68
 # CI cache busting values; change these if you want CI to not use previous stored cache
 COMPARE_CACHE_BUSTER="f7e689d76a9"
-INTEGRATION_CACHE_BUSTER="789bacdf"
+INTEGRATION_CACHE_BUSTER="23493ba738c3d2f"
 CLI_CACHE_BUSTER="789bacdf"
 BOOTSTRAP_CACHE="789bacdf"
 

README.md

@@ -1,7 +1,6 @@
 # syft
 
-[![Static Analysis + Unit + Integration](https://github.com/anchore/syft/workflows/Static%20Analysis%20+%20Unit%20+%20Integration/badge.svg)](https://github.com/anchore/syft/actions?query=workflow%3A%22Static+Analysis+%2B+Unit+%2B+Integration%22)
-[![Acceptance](https://github.com/anchore/syft/workflows/Acceptance/badge.svg)](https://github.com/anchore/syft/actions?query=workflow%3AAcceptance)
+[![Validations](https://github.com/anchore/syft/workflows/validations.yaml/badge.svg)](https://github.com/anchore/syft/workflows/validations.yaml)
 [![Go Report Card](https://goreportcard.com/badge/github.com/anchore/syft)](https://goreportcard.com/report/github.com/anchore/syft)
 [![GitHub release](https://img.shields.io/github/release/anchore/syft.svg)](https://github.com/anchore/syft/releases/latest)
 [![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/anchore/syft/blob/main/LICENSE)
@@ -22,28 +21,28 @@ If you encounter an issue, please [let us know using the issue tracker](https://
 
 To generate an SBOM for a Docker or OCI image:
 ```
-syft <image>
+syft packages <image>
 ```
 
 The above output includes only software that is visible in the container (i.e., the squashed representation of the image).
 To include software from all image layers in the SBOM, regardless of its presence in the final image, provide `--scope all-layers`:
 
 ```
-syft <image> --scope all-layers
+syft packages <image> --scope all-layers
 ```
 
 Syft can generate a SBOM from a variety of sources:
 ```
 # catalog a container image archive (from the result of `docker image save ...`, `podman save ...`, or `skopeo copy` commands)
-syft path/to/image.tar
+syft packages path/to/image.tar
 
 # catalog a directory
-syft path/to/dir
+syft packages path/to/dir
 ```
 
 The output format for Syft is configurable as well:
 ```
-syft <image> -o <format>
+syft packages <image> -o <format>
 ```
 
 Where the `format`s available are:
@@ -93,19 +92,28 @@ quiet: false
 # same as SYFT_CHECK_FOR_APP_UPDATE env var
 check-for-app-update: true
 
+# cataloging packages is exposed through the packages and power-user subcommands
 packages:
+    # enable/disable cataloging of packages
+    # SYFT_PACKAGES_CATALOGING_ENABLED env var
+    cataloging-enabled: true
+  
     # the search space to look for packages (options: all-layers, squashed)
-    # same as -s ; SYFT_SCOPE env var
+    # same as -s ; SYFT_PACKAGES_SCOPE env var
     scope: "squashed"
 
+# cataloging file metadata is exposed through the power-user subcommand
 file-metadata:
-  # enable/disable cataloging if file metadata
+  # enable/disable cataloging of file metadata
+  # SYFT_FILE_METADATA_CATALOGING_ENABLED env var
   cataloging-enabled: true
   
   # the search space to look for file metadata (options: all-layers, squashed)
+  # SYFT_FILE_METADATA_SCOPE env var
   scope: "squashed"
   
   # the file digest algorithms to use when cataloging files (options: "sha256", "md5", "sha1")
+  # SYFT_FILE_METADATA_DIGESTS env var
   digests: ["sha256"]
 
 log:
@@ -121,6 +129,7 @@ log:
   # same as SYFT_LOG_FILE env var
   file: ""
 
+# uploading package SBOM is exposed through the packages subcommand
 anchore:
   # (feature-preview) the Anchore Enterprise Host or URL to upload results to (supported on Enterprise 3.0+)
   # same as -H ; SYFT_ANCHORE_HOST env var