Generating SBOMs for Your Image with BuildKit

2 years ago www.docker.com
Summary: This is a summary of an article originally published by the source.

The latest release series of BuildKit, v0.11, introduces support for build-time attestations and SBOMs, allowing publishers to create images with records of how the image was built. In this blog post, we’ll discuss what attestations and SBOMs are, how to build images that contain SBOMs, and how to start analyzing the resulting data!

You can check that the new builder is configured correctly, and ensure it matches the BuildKit v0.11 release series:

    $ docker buildx inspect | grep -i buildkit
    Buildkit: v0.11.1

Here’s how you view the generated SBOM using buildx imagetools:

    $ docker buildx imagetools inspect

If your target image is built for multiple architectures using the --platform flag (https://docs.docker.com/engine/reference/commandline/buildx_build/#platform), then you’ll need a slightly different syntax to extract the SBOM attestation:

    $ docker buildx imagetools inspect
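As a starting point for analyzing the extracted data, the added example below (not code from the original article or from Docker) reads SBOM JSON for a single-platform or multi-platform image and reports packages whose version differs between platforms. It assumes the JSON came from `docker buildx imagetools inspect <image> --format '{{ json .SBOM }}'` and has the shapes noted in the comments; the function names, package names and versions are constructed for illustration.

```python
import json

# Constructed sample, trimmed to the fields used here. Assumed shape of
#   docker buildx imagetools inspect <image> --format '{{ json .SBOM }}'
# for a multi-platform image: one entry per platform, each with an SPDX document.
SAMPLE_MULTI = json.dumps({
    "linux/amd64": {"SPDX": {"spdxVersion": "SPDX-2.3", "packages": [
        {"name": "openssl", "versionInfo": "3.0.7-r0"},
        {"name": "busybox", "versionInfo": "1.35.0-r29"}]}},
    "linux/arm64": {"SPDX": {"spdxVersion": "SPDX-2.3", "packages": [
        {"name": "openssl", "versionInfo": "3.0.8-r0"},
        {"name": "busybox", "versionInfo": "1.35.0-r29"}]}},
})
# Assumed single-platform shape: the SPDX document sits directly under "SPDX".
SAMPLE_SINGLE = json.dumps({"SPDX": {"spdxVersion": "SPDX-2.3", "packages": [
    {"name": "musl", "versionInfo": "1.2.3-r4"}]}})


def packages_by_platform(sbom_json):
    """Return {platform: {package name: version}} for either output shape."""
    data = json.loads(sbom_json)
    if "SPDX" in data:                      # single-platform image
        data = {"default": data}
    result = {}
    for platform, entry in data.items():
        spdx = (entry or {}).get("SPDX")
        if not spdx:                        # platform carries no SBOM
            result[platform] = None
            continue
        result[platform] = {p["name"]: p.get("versionInfo", "")
                            for p in spdx.get("packages", [])}
    return result


def version_drift(by_platform):
    """Packages whose version differs between platforms of the same image."""
    seen = {}
    for platform, pkgs in by_platform.items():
        for name, version in (pkgs or {}).items():
            seen.setdefault(name, {})[platform] = version
    return {n: v for n, v in seen.items() if len(set(v.values())) > 1}


if __name__ == "__main__":
    multi = packages_by_platform(SAMPLE_MULTI)
    print("drift:", version_drift(multi))
    print("single:", packages_by_platform(SAMPLE_SINGLE))
```

A platform mapped to `None` means no SBOM was found for it, which is worth treating as a finding in its own right before trusting a package inventory for that image.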
