Simplify SBOM interaction #204

Closed
rjaegers opened this issue Nov 10, 2023 · 1 comment
Labels
ci-improvement Improvement to the ci system stale

Comments

@rjaegers
Member

At the moment there are different SBOMs generated: one during the docker/build-push action stage that uses Syft and the integrated buildx SBOM function, and another one, again using Syft, but scanning the output image to eventually submit the results to the GitHub Dependency Submission API.

If issue docker/build-push-action#861 and/or docker/build-push-action#889 are solved, this can be consolidated into the build-push stage.

As an alternative, instead of scanning the image again, the attested SBOM could be retrieved and fed to the Dependency Submission API.

@rjaegers rjaegers added the ci-improvement Improvement to the ci system label Nov 10, 2023
Contributor

This issue is marked stale because it has been open for an extended period with no activity. Remove the 'stale' label or comment otherwise this issue will be closed in 7 days.

@github-actions github-actions bot added the stale label Feb 27, 2024
@github-actions github-actions bot closed this as not planned Mar 5, 2024
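
The alternative proposed in the issue (reusing the attested SBOM instead of scanning the image a second time) could look like the sketch below. This is an added example, not code from this project. It assumes the attestation has already been fetched as the in-toto statement that BuildKit stores, with an SPDX document as its predicate. The sample statement, detector name, correlator and job id are constructed, and marking every package as `direct` is an assumption, because the flat SPDX package list does not say which dependencies are transitive.

```python
from datetime import datetime, timezone

SPDX_PREDICATE = "https://spdx.dev/Document"

# Constructed sample: trimmed in-toto statement shaped like a buildx SBOM attestation.
SAMPLE_STATEMENT = {
    "_type": "https://in-toto.io/Statement/v0.1",
    "predicateType": SPDX_PREDICATE,
    "subject": [{"name": "example/image", "digest": {"sha256": "0" * 64}}],
    "predicate": {
        "spdxVersion": "SPDX-2.3",
        "packages": [
            {"name": "zlib1g", "versionInfo": "1.3", "externalRefs": [
                {"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                 "referenceLocator": "pkg:deb/ubuntu/zlib1g@1.3"}]},
            # Packages without a purl cannot be submitted and are skipped.
            {"name": "no-purl-pkg", "versionInfo": "0.1", "externalRefs": []},
        ],
    },
}


def purls(statement):
    """Return the sorted, de-duplicated purls found in an SPDX SBOM attestation."""
    if statement.get("predicateType") != SPDX_PREDICATE:
        raise ValueError("not an SPDX SBOM attestation")
    found = set()
    for pkg in statement["predicate"].get("packages", []):
        for ref in pkg.get("externalRefs", []):
            if ref.get("referenceType") == "purl":
                found.add(ref["referenceLocator"])
    return sorted(found)


def snapshot(statement, sha, ref, manifest="sbom-attestation"):
    """Build the JSON body for POST /repos/{owner}/{repo}/dependency-graph/snapshots."""
    resolved = {p: {"package_url": p, "relationship": "direct", "scope": "runtime"}
                for p in purls(statement)}
    return {
        "version": 0,
        "sha": sha,   # commit the image was built from
        "ref": ref,   # e.g. refs/heads/main
        "job": {"correlator": "sbom-attestation", "id": "constructed-run-1"},
        "detector": {"name": "attested-sbom-example", "version": "0.0.0",
                     "url": "https://example.invalid"},
        "scanned": datetime.now(timezone.utc).isoformat(),
        "manifests": {manifest: {"name": manifest, "resolved": resolved}},
    }
```

Because the statement's `subject` carries the image digest, a workflow can compare it with the digest of the image it just pushed before submitting, so the dependency graph reflects the attested artifact rather than a separate scan.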