Export SBOM contained in native-image #40630
Labels
status: blocked
An issue that's blocked on an external project change
type: enhancement
A general enhancement
Milestone
Comments
mhalbritter
added
status: blocked
philwebb
removed
the
for: team-meeting
|
@fniephaus Would it be possible to expose the embedded SBOM via a standard Java mechanism, e.g. a readable resource on the classpath or some custom URL scheme? Then we wouldn't need to add the dependency on the GraalVM SDK and it would work right now with Boot 3.3.0-RC1. |
|
@mhalbritter I think that's technically feasible. Can you give an example or two how SBOMs are otherwise accessible via classpath/modulepath or a custom URL scheme? |
|
Sure. Take a look at this documentation here. If the SBOM would be on the classpath, you could just use |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
GraalVM's
native-imagehas a feature where it can create a SBOM on native image build time and embed it. You can then use thenative-image-inspectto extract the SBOM from the native image.The GraalVM team would be open to expose an API in the
graal-sdkto get the SBOM directly without the need of thenative-image-inspect. We could add support for that in our actuator SBOM endpoint.The text was updated successfully, but these errors were encountered: