Is there a way out-of-the-box to attach a Software Bill of Material to patched images, see for example this.
I searched in the docs and in the code but could not find anything.
It will be super useful, especially when using copa github action.
@R3DRUN3 not at this time, out of box sbom generation (docker implementation) would require #298
you can generate container sboms with 3rd party tooling such as trivy sbom or syft today though.
there are a few options for attaching secure supply chain artifacts, such as attaching via referrers (used by oras), tags (used by cosign) or part of oci index/manifest list (used by docker)
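An added example, not part of the issue thread or the copa project: it sketches how two of the attachment options named in the reply above (OCI referrers and the digest-derived tag) bind an SBOM to one specific image digest, so an SBOM attached to the original image does not carry over to the patched one. The repository name, manifests and SBOM are constructed sample data, and using `application/spdx+json` as the artifact type is an assumption.

```python
import hashlib
import json

OCI_MANIFEST = "application/vnd.oci.image.manifest.v1+json"
OCI_EMPTY = "application/vnd.oci.empty.v1+json"
SPDX_JSON = "application/spdx+json"  # assumed artifact type for the SBOM


def descriptor(media_type, blob):
    """OCI content descriptor: media type, sha256 digest and size of a blob."""
    return {
        "mediaType": media_type,
        "digest": "sha256:" + hashlib.sha256(blob).hexdigest(),
        "size": len(blob),
    }


def sbom_referrer_manifest(subject, sbom_bytes):
    """OCI 1.1 manifest whose `subject` binds the SBOM to one image digest."""
    return {
        "schemaVersion": 2,
        "mediaType": OCI_MANIFEST,
        "artifactType": SPDX_JSON,
        "config": descriptor(OCI_EMPTY, b"{}"),
        "layers": [descriptor(SPDX_JSON, sbom_bytes)],
        "subject": subject,
    }


def referrers_path(repo, subject):
    """Registry endpoint that lists the artifacts attached to the subject."""
    return f"/v2/{repo}/referrers/{subject['digest']}"


def cosign_sbom_tag(subject):
    """Tag-based scheme: the image digest is rewritten into a tag name."""
    return subject["digest"].replace(":", "-", 1) + ".sbom"


# Constructed sample data: stand-ins for the original and patched image
# manifests and for an SPDX document produced by a tool such as syft or trivy.
original = descriptor(OCI_MANIFEST, b'{"constructed":"original image manifest"}')
patched = descriptor(OCI_MANIFEST, b'{"constructed":"patched image manifest"}')
sbom = json.dumps({"spdxVersion": "SPDX-2.3", "name": "constructed-sbom"}).encode()
manifest = sbom_referrer_manifest(patched, sbom)

if __name__ == "__main__":
    print(json.dumps(manifest, indent=2))
    print(referrers_path("example/app", patched), cosign_sbom_tag(patched))
```

Both lookups are keyed on the patched image's digest, so a consumer should resolve the tag to a digest first and then query for the SBOM attached to that digest.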