sbom-cli-plugin icon indicating copy to clipboard operation
sbom-cli-plugin copied to clipboard

Published 20 hours ago verified publisher icon docker

Base image and their dependencies

Open BahriNipun opened this issue 3 years ago • 1 comments
trafficstars

Will it be possible to find-

  1. the base image involved
  2. Segregating dependencies from base image and upstream layers ?

BahriNipun avatar Apr 13 '22 14:04 BahriNipun

Right now the only way to do this is to filter out the SBOM document output from docker sbom manually. However, in the future we are looking at --layer to possibly answer these kinds of questions by adding more kinds of layer selections (see the upstream issue anchore/syft#15 , which expands on syft scopes, the same feature as docker sbom --layer).

wagoodman avatar Apr 13 '22 18:04 wagoodman