libpak should generate an SBOM based on the buildpack.toml for dependencies #154

Open
sambhav opened this issue Jul 13, 2022 · 2 comments
Labels
type:enhancement A general enhancement

sambhav commented Jul 13, 2022

Currently libpak always hardcodes and outputs syft json for dependencies at

func (b BuildpackDependency) AsSyftArtifact() (sbom.SyftArtifact, error) {

We should change this to output sbom files based on the sbom media types for a particular buildpack.

dmikusa commented Jul 13, 2022

Acknowledged. We have an item in the backlog for enabling CycloneDX output.

dmikusa added the type:enhancement label Jul 13, 2022
@loewenstein

@dmikusa Is that item or does that item require #258?
