create SBOM for software stack provided #366
/priority backlog
/triage needs-information
Related: #361
/remove-label needs-triage
@codificat: The label(s) In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
/sig user-experience
Is your feature request related to a problem? Please describe.
As a feature supporting a more secure software supply chain, Thoth should generate an SBOM for each advise requested, and build it via a Tekton task. #needsRefinement
An SBOM is not a security tool in itself, but it is a means to improve security: it cannot guarantee "vulnerability-free" software, but it can be helpful in the fast discovery of CVEs.
High-level Goals
SBOM should contain:
Describe the solution you'd like
TBD
Describe alternatives you've considered
TBD
Additional context
We need to figure out how to include, embed or reference the SBOM of the base operating system (composability).
https://cyclonedx.org/ might be interesting.
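As an added example (not Thoth's code and not part of the issue), this is what a composed CycloneDX 1.4 SBOM for a resolved Python stack could look like: the packages appear as components with purls and pinned hashes, and the base-OS SBOM is referenced through a BOM-Link external reference instead of being embedded. The stack input format, package names and hashes are constructed for illustration.

```python
import json
import uuid
from datetime import datetime, timezone

# Constructed sample input (not real Thoth output): packages as an advise would
# resolve them, each with pinned version, artifact hash and dependencies.
RESOLVED_STACK = [
    {"name": "requests", "version": "2.31.0", "sha256": "aa" * 32, "depends_on": ["urllib3"]},
    {"name": "urllib3", "version": "2.0.4", "sha256": "bb" * 32, "depends_on": []},
]

def purl(name, version):
    # Package URL for a PyPI distribution; purl normalises names to lowercase with '-'.
    return f"pkg:pypi/{name.lower().replace('_', '-').replace('.', '-')}@{version}"

def bom_link(serial_uuid, bom_version=1):
    # CycloneDX 1.4 BOM-Link: points at another BOM by serial-number UUID and version.
    return f"urn:cdx:{serial_uuid}/{bom_version}"

def build_sbom(stack, app_name, app_version, base_os_serial):
    versions = {p["name"]: p["version"] for p in stack}
    components, dependencies = [], []
    for pkg in stack:
        ref = purl(pkg["name"], pkg["version"])
        components.append({
            "type": "library", "bom-ref": ref, "name": pkg["name"], "version": pkg["version"],
            # Pinned artifact hash lets a consumer verify what was actually installed.
            "purl": ref, "hashes": [{"alg": "SHA-256", "content": pkg["sha256"]}],
        })
        dependencies.append(
            {"ref": ref, "dependsOn": [purl(d, versions[d]) for d in pkg["depends_on"]]})
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "serialNumber": f"urn:uuid:{uuid.uuid4()}",
        "version": 1,
        "metadata": {
            "timestamp": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "component": {"type": "application", "bom-ref": app_name,
                          "name": app_name, "version": app_version},
        },
        "components": components,
        # Dependency graph: the application depends on every resolved package directly.
        "dependencies": [{"ref": app_name, "dependsOn": [c["bom-ref"] for c in components]}]
                        + dependencies,
        # Composability: reference the base-OS SBOM instead of copying its components.
        "externalReferences": [{"type": "bom", "url": bom_link(base_os_serial)}],
    }
if __name__ == "__main__":
    print(json.dumps(build_sbom(RESOLVED_STACK, "my-app", "0.1.0", str(uuid.uuid4())), indent=2))
```

A consumer resolving the `urn:cdx:` link can then merge or inspect the base-OS components without Thoth having to re-scan the operating system for every advise.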
Acceptance Criteria
TBD