To support users of SingularityCE who are investing in their software supply chain security, we should look at adding support for users to generate a software bill of materials (SBOM) from a given SIF image, and (perhaps optionally) embed the SBOM itself within a SIF image.
We should look at integrating with an existing, open source tool to do the actual SBOM generation. We are already using Goreleaser to generate our releases, which supports SBOM generation and uses Anchore Syft under the hood (ref). This would seem like a compelling place to start.
This support could be bundled into singularity, siftool, and/or syft itself. @luhring, would there be any appetite to add SIF support directly within Syft? Happy to assist with effort to make that happen, if it makes sense from a user perspective.
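As an added example (not from the issue author or the SingularityCE project), this is the Goreleaser configuration fragment that turns on the Syft-backed SBOM generation the post refers to; it covers the release archives Goreleaser produces, which is exactly the gap the issue raises for SIF images. The `sboms` section, the `artifacts: archive` selector and the Syft defaults shown are taken from Goreleaser's documented behaviour as I understand it, and should be checked against the Goreleaser version in use.

```yaml
# .goreleaser.yaml (added example; verify keys against your Goreleaser version)
sboms:
  - id: archive-sbom
    # Generate one SBOM per release archive; "archive" is a documented selector.
    artifacts: archive
    # These are Goreleaser's defaults, spelled out so reviewers can see what runs:
    # Syft scans the archive and writes an SPDX JSON document next to it.
    cmd: syft
    args: ["$artifact", "--output", "spdx-json=$document"]
    documents:
      - "{{ .ArtifactName }}.sbom"
```

The resulting `.sbom` files are published alongside the archives, so downstream users can verify what a release contains without rebuilding it; for SIF images the same output format (SPDX or CycloneDX from Syft) is what an embedded SBOM descriptor would most naturally carry.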