Container Tools / RUN-2041

Teach build to combine --manifest with --sbom using artifacts


    • Story
    • Resolution: Unresolved
    • Normal
    • buildah
    • rhel-sst-container-tools

      • We taught build to create a manifest list and add a built image to it with the --manifest flag.
      • We taught build to run scanners against image contents to produce SBOM files and embed them in output images and save them to local disk with the --sbom flag in RUN-1838.
      • We taught build to add files to manifest lists with a --artifact flag in RUN-2006.

      By their powers combined, we should be able to tell build to scan an image that we're building into a manifest list and add the resulting SBOM file to that list as an artifact, probably using "sbom-manifest" and "sbom-purl-manifest" boolean flags that are accepted as alternatives or supplements to "sbom-output"/"sbom-purl-output" or "sbom-image-output"/"sbom-purl-image-output".

              container-runtime-eng Container Runtime Eng Bot
              rhn-engineering-nalin Nalin Dahyabhai