-
Epic
-
Resolution: Unresolved
-
Undefined
-
None
-
None
-
Generate SBOM for composes
-
False
-
None
-
False
-
Testable
-
To Do
-
-
Goal:
- Some customers need to have an open source compliance process, e.g. to align with European Union directives. The compliance process needs the list of software installed in a system with their license. When using Image Builder to generate the OS images, having a SBOM would simplify the process.
- Ideally, the SBOM should be available in SPDX and CycloneDX formats to allow customers to use their format their tools support.
Acceptance Criteria:
- A SPDK formatted SBOM is available alongside an Image Builder generated compose
- A CycloneDX formatted SBOM is available alongside an Image Builder generated compose
- The SBOM are available via the Image Builder API
- The SBOM are available via the Image Builder Cockpit UI