🌱 SBOM #51
Closed
with syft seems already promising. I get a full list of OS level + golang binary mod dependency list at file level. I'd say that would cover all the above:

```
syft:
    FROM anchore/syft:latest
    SAVE ARTIFACT /syft syft

image-sbom:
    FROM +docker
    WORKDIR /build
    COPY +version/VERSION ./
    ARG VERSION=$(cat VERSION)
    ARG FLAVOR
    COPY +syft/syft /usr/bin/syft
    RUN syft / -o json=sbom.syft.json -o spdx-json=sbom.spdx.json
    SAVE ARTIFACT /build/sbom.syft.json sbom.syft.json AS LOCAL core-${FLAVOR}-${VERSION}-sbom.syft.json
    SAVE ARTIFACT /build/sbom.spdx.json sbom.spdx.json AS LOCAL core-${FLAVOR}-${VERSION}-sbom.spdx.json
```
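A release-gate check for the SPDX file written by the `image-sbom` target in the comment above, as an added example (not code from this issue or from the Kairos project): it counts packages by purl type and reports when OS-level or Go module entries are missing. The sample document, the `OS_TYPES` set and all function names are assumptions made for illustration.

```python
import json
from collections import Counter

OS_TYPES = {"apk", "deb", "rpm"}  # assumption: OS package ecosystems to require

def pkg_entry(name, purl=None):
    """Build a minimal SPDX 2.x package entry (constructed test data)."""
    refs = [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
             "referenceLocator": purl}] if purl else []
    return {"name": name, "externalRefs": refs}

# Constructed sample in SPDX JSON shape, not real output from a Kairos image.
SAMPLE_SPDX = json.dumps({"spdxVersion": "SPDX-2.3", "packages": [
    pkg_entry("rootfs"),  # entry without a purl, e.g. the scanned root itself
    pkg_entry("musl", "pkg:apk/alpine/musl@1.2.3-r4"),
    pkg_entry("busybox", "pkg:apk/alpine/busybox@1.35.0-r29"),
    pkg_entry("github.com/spf13/cobra", "pkg:golang/github.com/spf13/cobra@v1.6.1"),
]})

def purl_type(package):
    """Return the purl type (apk, deb, golang, ...) of an SPDX package, or None."""
    for ref in package.get("externalRefs", []):
        loc = ref.get("referenceLocator", "")
        if ref.get("referenceType") == "purl" and loc.startswith("pkg:") and "/" in loc:
            return loc[4:].split("/", 1)[0].lower()
    return None

def check_coverage(spdx_text):
    """Return (problems, counts per purl type, names of packages lacking a purl)."""
    counts, no_purl = Counter(), []
    for pkg in json.loads(spdx_text).get("packages", []):
        kind = purl_type(pkg)
        if kind is None:
            no_purl.append(pkg.get("name", "?"))
        else:
            counts[kind] += 1
    problems = []
    if not any(counts[t] for t in OS_TYPES):
        problems.append("no OS-level packages (apk/deb/rpm)")
    if not counts["golang"]:
        problems.append("no Go module dependencies")
    return problems, counts, no_purl

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SPDX
    problems, counts, no_purl = check_coverage(text)
    print(dict(counts), "without purl:", no_purl, "problems:", problems)
    sys.exit(1 if problems else 0)
```

Run it against `sbom.spdx.json` in CI; a non-zero exit means the SBOM is missing one of the two dependency layers the comment expects syft to report.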
#998 covers kairos-io/kairos. We need to do the same for kairos-io/provider-kairos.
Opened kairos-io/provider-kairos#256 for provider-kairos.
mudler added a commit to kairos-io/provider-kairos that referenced this issue on Mar 2, 2023
Closes: kairos-io/kairos#51
---------
Signed-off-by: mudler <mudler@c3os.io>
In order to keep track and be transparent on what is shipped on each release, it would be preferred to have an automated process that collects SBOM information in the c3os context.
Action items
On releases, we should attach among artifacts:
luet packages SBOM
Open questions
We use
Deliverables
(those might already exist, to 👀 )
Already existing tools
Action Items