ci: opt-in sbom and provenance #11

crazy-max · 2022-12-16T06:06:06Z

No description provided.

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>

jedevc · 2022-12-16T12:24:08Z

Dockerfile

@@ -40,6 +40,8 @@ RUN --mount=target=. <<EOT
 EOT

 FROM base as build
+# enable scanning for this stage
+ARG BUILDKIT_SBOM_SCAN_STAGE=true


We don't need scanning at this step - the golang dependencies are automatically loaded from the go binary /bin/syft-scanner. This just also pulls in all the stuff from the build stages.

This doesn't work in buildkit, because syft doesn't open up tarballs it seems, I'll see if I can follow that up.

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>

Dockerfile: update Alpine to 3.17

a921f9f

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>

crazy-max requested a review from jedevc December 16, 2022 06:26

crazy-max marked this pull request as ready for review December 16, 2022 06:26

jedevc reviewed Dec 16, 2022

View reviewed changes

crazy-max added 2 commits December 16, 2022 16:38

ci: opt-in sbom and provenance

096ea21

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>

ci: enable gha cache

bf45c0b

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>

crazy-max force-pushed the ci-attest branch from 6ddac85 to bf45c0b Compare December 16, 2022 15:38

crazy-max requested a review from jedevc December 16, 2022 15:38

jedevc approved these changes Jan 3, 2023

View reviewed changes

jedevc merged commit cc19961 into docker:master Jan 3, 2023

crazy-max deleted the ci-attest branch January 3, 2023 11:15

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci: opt-in sbom and provenance #11

ci: opt-in sbom and provenance #11

crazy-max commented Dec 16, 2022

jedevc Dec 16, 2022

ci: opt-in sbom and provenance #11

ci: opt-in sbom and provenance #11

Conversation

crazy-max commented Dec 16, 2022

jedevc Dec 16, 2022

Choose a reason for hiding this comment