Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add SBOM for the produced container images #451

Open
ssbarnea opened this issue Oct 29, 2024 · 1 comment · May be fixed by #536
Open

Add SBOM for the produced container images #451

ssbarnea opened this issue Oct 29, 2024 · 1 comment · May be fixed by #536

Comments

@ssbarnea
Copy link
Member

See kubernetes-sigs/bom#82
@syaghoubi00
Copy link
Contributor

SBOM's can be built into the image manifest using the in-toto spec with syft during the image build, see Docker SBOM, Podman SBOM.

Also possibly worth noting, the Docker SBOM is in the buildx toolkit, not the 'regular' docker build -- if that matters. In Podman, buildx is aliased to build.

Both Docker and Podman can embed the SBOM in the manifest or output to a local file, but only the Podman SBOM looks like it can be added as a file in the image. Since the current build process uses ${ADT_CONTAINER_ENGINE}, it will be best to be builder agnostic and just embed into the manifest or output as a file and upload as an artifact.

syaghoubi00 added a commit to syaghoubi00/ansible-dev-tools that referenced this issue Feb 3, 2025
@syaghoubi00
feat: add sbom to container images
28bec48 
Uses the `--sbom=true` flag to atatch a `syft` SBOM to the manifest

Closes: ansible#451

Signed-off-by: Sebastian Yaghoubi <[email protected]>
syaghoubi00 added a commit to syaghoubi00/ansible-dev-tools that referenced this issue Feb 3, 2025
@syaghoubi00
feat: add sbom to container images
c01879a 
Uses the `--sbom=true` flag to attach a `syft` SBOM to the manifest

Closes: ansible#451

Signed-off-by: Sebastian Yaghoubi <[email protected]>
@syaghoubi00 syaghoubi00 linked a pull request Feb 3, 2025 that will close this issue
Draft
alisonlhart pushed a commit to syaghoubi00/ansible-dev-tools that referenced this issue Feb 5, 2025
@syaghoubi00 @alisonlhart
feat: add sbom to container images
c470d42 
Uses the `--sbom=true` flag to attach a `syft` SBOM to the manifest

Closes: ansible#451

Signed-off-by: Sebastian Yaghoubi <[email protected]>
alisonlhart pushed a commit to syaghoubi00/ansible-dev-tools that referenced this issue Feb 5, 2025
@syaghoubi00 @alisonlhart
feat: add sbom to container images
ae236fe 
Uses the `--sbom=true` flag to attach a `syft` SBOM to the manifest

Closes: ansible#451

Signed-off-by: Sebastian Yaghoubi <[email protected]>
audgirka pushed a commit to syaghoubi00/ansible-dev-tools that referenced this issue Feb 5, 2025
@syaghoubi00 @audgirka
feat: add sbom to container images
7f4f714 
Uses the `--sbom=true` flag to attach a `syft` SBOM to the manifest

Closes: ansible#451

Signed-off-by: Sebastian Yaghoubi <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
🧰 devtools project board
Status: No status
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: add sbom to container images syaghoubi00/ansible-dev-tools
2 participants
@ssbarnea @syaghoubi00