Support for GraalVM native image with embedded SBOM #5634
LesSyner started this conversation in Development
Replies: 2 comments
-
Looks interesting. We welcome contributions.
-
I'm not the Syft or Grype developer. Only pointed to this fact in case it may somehow help to implement it in Trivy :)
-
Does the Trivy team have plans to support GraalVM native images with their functionality of embedded SBOM? It's a CycloneDX SBOM file, so the SBOM format is supported by Trivy. But it would be good to have functionality to recognize GraalVM images and use the embedded SBOM as a components list (as the only SBOM in case of GraalVM scanning or as a partial SBOM in case of GraalVM executables incorporated into an OCI image).
Here is general info about SBOM files in GraalVM: https://www.graalvm.org/latest/security-guide/native-image/
BTW, Syft and Grype already have support for GraalVM SBOM and are OSS software, so it's simple info from me if their work can be used in some way.