Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pack on platform 0.9 should download legacy boms from buildpacks from /layers/sbom/launch #1389

Closed
Tracked by #1421
natalieparellano opened this issue Mar 15, 2022 · 3 comments
Closed
Tracked by #1421

pack on platform 0.9 should download legacy boms from buildpacks from /layers/sbom/launch #1389

natalieparellano opened this issue Mar 15, 2022 · 3 comments
Labels
status/ready Issue ready to be worked on. type/enhancement Issue that requests a new feature or improvement.
Milestone
0.25.0

Comments

@natalieparellano
Copy link
Member

Description

When using lifecycle 0.14.0+ and platform api 0.9, the legacy unstructured bom will no longer be included in the io.buildpacks.build.metadata label. Instead, it can be downloaded from the build container at /layers/sbom/launch.
@natalieparellano natalieparellano added type/enhancement Issue that requests a new feature or improvement. status/ready Issue ready to be worked on. labels Mar 15, 2022
@natalieparellano natalieparellano added this to the 0.25.0 milestone Mar 15, 2022
@sambhav
Copy link
Member

sambhav commented Apr 1, 2022

I believe this already works in pack v0.24.0. Do we want to close this issue?

@natalieparellano
Copy link
Member Author

@samj1912 you are right - those files are going to come along with the /layers/sbom/launch directory that is already downloaded.

I do wonder what will happen when pack inspect --bom is run. Is it going to break if the label is not found? That might be worth verifying before closing this out.

@jromero jromero mentioned this issue Apr 13, 2022
Closed
4 tasks
@natalieparellano
Copy link
Member Author

Confirmed that it doesn't break, it just returns null:

$  pack inspect test-launch-cache --bom
Warning: Using the '--bom' flag with 'pack inspect-image <image-name>' is deprecated. Users are encouraged to use 'pack sbom download <image-name>'.
{
  "remote": null,
  "local": null
}

I think this issue can be closed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status/ready Issue ready to be worked on. type/enhancement Issue that requests a new feature or improvement.
Projects
None yet
Milestone
0.25.0
Development

No branches or pull requests
2 participants
@natalieparellano @sambhav