This repository has been archived by the owner on Dec 21, 2023. It is now read-only.

Publish SBOM for Keptn artifacts/images #7163

Closed
3 tasks
oleg-nenashev opened this issue Mar 15, 2022 · 7 comments · Fixed by #9419
Labels: good first issue (Issues for getting started developing Keptn); roadmap-candidate (Potential candidate for the Keptn roadmap. A consensus needs to be built first); security

Comments

@oleg-nenashev
Member

oleg-nenashev commented Mar 15, 2022

It would be really nice to publish SBOMs for all Keptn deliverables, preferably in the SPDX format so that it can be consumed by the Linux Foundation tooling ecosystem and downstream projects.

Scope:

  • Keptn service
  • Keptn integration services
  • Keptn CLI
@oleg-nenashev oleg-nenashev added roadmap-candidate Potential candidate for the Keptn roadmap. A consensus needs to be built first security Security labels Mar 15, 2022
@thisthat thisthat added ready-for-refinement (Issue is relevant for the next backlog refinement) and good first issue (Issues for getting started developing Keptn), and removed ready-for-refinement labels Mar 22, 2022
@thisthat thisthat changed the title Publish SBOM for Keptn artifacts/images (WIP) Publish SBOM for Keptn artifacts/images Mar 22, 2022
@riteshsonawane1372

riteshsonawane1372 commented Dec 28, 2022

I want to give it a try, kindly assign me.

@mowies
Member

mowies commented Dec 29, 2022

Great! I assigned you.
Check out this github action here. I had my eye on it for this ticket before already: https://github.com/anchore/sbom-action

@mowies mowies changed the title (WIP) Publish SBOM for Keptn artifacts/images Publish SBOM for Keptn artifacts/images Dec 29, 2022
@mowies
Member

mowies commented Dec 29, 2022

Cool! The general plan would be to generate the SBOMs during the release pipeline (.github/workflows/release.yml)
and then attach them to the created release as one zip archive.
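
The plan above, sketched as an added example workflow that is not Keptn's own release.yml and not taken from the sbom-action project; the CLI directory, the image name and the job layout are assumptions:

```yaml
# Added example, not Keptn's own release.yml: a job that runs when a release is
# published, generates SPDX SBOMs with anchore/sbom-action and attaches them to
# that release as one zip archive. The CLI path and image name are placeholders.
name: publish-sbom
on:
  release:
    types: [published]

permissions:
  contents: write   # needed to upload assets to the release

jobs:
  sbom:
    runs-on: ubuntu-latest
    env:
      TAG: ${{ github.event.release.tag_name }}
    steps:
      - uses: actions/checkout@v3
      - run: mkdir -p sboms

      # SBOM of the CLI from its source tree (directory scan)
      - name: SBOM for the Keptn CLI
        uses: anchore/sbom-action@v0
        with:
          path: ./cli                       # placeholder path
          format: spdx-json
          output-file: sboms/keptn-cli-${{ env.TAG }}.spdx.json
          upload-artifact: false
          upload-release-assets: false      # one zip is attached below instead

      # SBOM of a published container image (repeat this step per image)
      - name: SBOM for the Keptn service image
        uses: anchore/sbom-action@v0
        with:
          image: ghcr.io/example/keptn-service:${{ env.TAG }}   # placeholder image
          format: spdx-json
          output-file: sboms/keptn-service-${{ env.TAG }}.spdx.json
          upload-artifact: false
          upload-release-assets: false

      # Bundle all SBOMs into one archive and attach it to the release
      - name: Attach SBOM archive to the release
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          (cd sboms && zip "../keptn-sboms-${TAG}.zip" ./*.spdx.json)
          gh release upload "$TAG" "keptn-sboms-${TAG}.zip" --clobber
```

Consumers can verify the attached SPDX documents with any SPDX-aware tool, which is the point of choosing that format over a proprietary one.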

@riteshsonawane1372

@mowies kindly review the #9391 PR and let me know what changes need to be made.

@riteshsonawane1372 riteshsonawane1372 removed their assignment Jan 8, 2023
@mowies
Member

mowies commented Jan 10, 2023

This PR from keptn/lifecycle-toolkit can be used as a good reference: keptn/lifecycle-toolkit#571

@riteshsonawane1372

@mowies I'm so sorry I removed the assignment. I gave it a try but got too many errors. I knew about SPDX and SBOMs but wasn't familiar with CI/CD. Thanks a lot for the opportunity, learning CI/CD now.

@mowies
Member

mowies commented Jan 10, 2023

@riteshsonawane1372 no worries, pipelines are not easy sometimes :)

4 participants