
Support of build-time generation #27

@ivanayov


Hello,

What would you like to be added:

Have you thought about adding build time support?

Why is this needed:

With post-build scanning it's still possible to miss some detail, like changes done by the compiler or other tools used during building an image.

Only a few SBOM generation tools already support build-time generation (like Salus or pkgconf bomtool, for example), but none of them is universal and complete enough to capture various Docker builds.

The only option for the moment is implementing a build-time SBOM generation tool that fits building Docker images and making it part of the build process, which is a fully valid and well-working option. Still, as there is already an experimental docker sbom feature, it would be great to have generic build-time configuration.


Labels: enhancement (New feature or request)
