- Notifications
You must be signed in to change notification settings - Fork929
chore: enable SBOM attestation for image builds#16852
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
containerd support in Docker builds4a7c230 to76500beCompareAdded SBOM (Software Bill of Materials) generation during Docker build to enhance traceability. Refer to Docker documentation on SBOM: docs.docker.com/build/metadata/attestations/sbomUpdated Docker build scripts to use BuildKit for provenance and SBOM support: docs.docker.com/build/metadata/attestationsConfigured Docker daemon to support the Containerd snapshotter feature to improve performance: docs.docker.com/engine/storage/containerd
containerd support in Docker buildscontainerd support in Docker buildsAdded SBOM (Software Bill of Materials) generation during Docker build to enhance traceability. Refer to Docker documentation on SBOM: docs.docker.com/build/metadata/attestations/sbomUpdated Docker build scripts to use BuildKit for provenance and SBOM support: docs.docker.com/build/metadata/attestationsConfigured Docker daemon to support the Containerd snapshotter feature to improve performance: docs.docker.com/engine/storage/containerd
Added SBOM (Software Bill of Materials) generation during Docker build to enhance traceability. Refer to Docker documentation on SBOM: docs.docker.com/build/metadata/attestations/sbomUpdated Docker build scripts to use BuildKit for provenance and SBOM support: docs.docker.com/build/metadata/attestationsConfigured Docker daemon to support the Containerd snapshotter feature to improve performance: docs.docker.com/engine/storage/containerd
containerd support in Docker buildscontainerd support in Docker buildscontainerd support in Docker buildsThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
LGTM.
Doesn't have to be part of this PR, but we might want to addbuild provenance to our release pipeline.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
We previously ran into issues with this:
AFAIR it occurred after enabling the containerd store in depot.dev.
If images are being pushed correctly after re-enabling thecontainerd store then this looks OK to me.
I have not tested pushing to a registry yet. But only locally. I will try to test by pushing to a registry before merging. |
05ebece intomainUh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Important
We also need to enable
containerdon depot runners.Testing
docker buildx build --sbom=true --output type=local,dest=out -f Dockerfile .to verify that an SBOM file is generated.Alsoclosescoder/internal#88