-
Notifications
You must be signed in to change notification settings - Fork 34
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(sbom): add a directive to generate SBOM for a layer (#420)
* feat(bom): generate bom for a layer A new bind-mount /stacker-artifacts is added to a container into which all artifacts including sbom can be added. Once the container image is built, then in the publish phase we push sbom along with the image as a OCI dist-spec "reference". Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> * feat(publish): add support for publishing OCI artifacts/references Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> * fix: allow importing a parent sbom Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> * refactor!: OCI artifact generation support uses different path layout BREAKING CHANGE: Some paths per earlier stacker conventions are now changed as follows. /stacker/imports : ro mount for imports /stacker/artifacts : rw mount to store output of next step /stacker/tools : /proc/self mounted as /stacker/tools/bom /stacker/oci-labels : where OCI label generation logic now resides NOTE: Making this a separate commit if we want to revert Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> * test: don't keep bom if failure Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> * fix: address PR comments Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> --------- Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
- Loading branch information
Showing
30 changed files
with
1,639 additions
and
648 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.