Where does the 16MB attestation artifact size limit come from? #262

Open
@saxonww

We're running into a problem where we exceed the predicate size limit introduced in #80. We have a few container images with SBOMs exceeding that size limit.

What is the reason for a 16MB size limit? #80 does not link to or contain any discussion about this. It doesn't seem to be driven by library or specification requirements. A forked version of this action with #80 removed, plus a forked version of actions/attest-sbom using it, seems to allow creation and upload of an attestation with larger predicates.

Assuming our SBOMs are the size they need to be, what are our options for working around this?
