sbom-cli-plugin
Plugin for Docker CLI to support SBOM creation using Syft
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.3.7 to 0.3.8.
Commits:
- 434eadc language: reject excessively large Accept-Language strings
- 23407e7 go.mod: ignore cyclic dependency for tagging
- b18d3dd secure/precis: replace bytes.Compare with bytes.Equal
- 795e854 all: replace...
**What happened**: The `TestAllFormatsExpressible` test fails due, I believe, to a `syft`-related issue:
- `cd /root/go/src/github.com/docker/sbom-cli-plugin/test/cli`
- `go test -v ./... --run TestAllFormatsExpressible`
```text
=== RUN TestAllFormatsExpressible
utils_test.go:56: obtaining fixture image...
```
Resolving a few linting and bouncer issues - Updated internal/logger/logrus.go to handle ioutil deprecation - Updated cmd/event_loop.go to handle linting issues - Updated .bouncer.yaml to ignore crypto/internal/boring Signed-off-by: Dave Hay
Upping from 1.45.0 to 1.50.1 to avoid panic Linked issue - [golangci-lint 1.45.0 - as referenced in Makefile - panics #29](https://github.com/docker/sbom-cli-plugin/issues/29) Signed-off-by: Dave Hay
**What happened**: Having run `make bootstrap-tools` to install the requisite version of `golangci-lint` (`1.45.0`) into `.tmp/golangci-lint`, other make commands lead to a `panic` from `golangci-lint`:
```text
...
```
Hello, **What would you like to be added**: Have you thought about adding build time support? **Why is this needed**: With post-build scanning it's still possible to miss some detail,...
This pull request pins the Docker base image `centos:7.9.2009` in [`test/cli/test-fixtures/image-hidden-packages/Dockerfile`](https://github.com/docker/sbom-cli-plugin/blob/bacb372df80e8f2c55183476a4e96b1f875d0df7/test/cli/test-fixtures/image-hidden-packages/Dockerfile) to the current digest. https://github.com/docker/sbom-cli-plugin/blob/bacb372df80e8f2c55183476a4e96b1f875d0df7/test/cli/test-fixtures/image-hidden-packages/Dockerfile#L1-L1 Digest `sha256:c73f515d06b0fa07bb18d8202035e739a494ce760aa73129f60f4bf2bd22b407` references a [multi-CPU architecture image manifest](https://docs.docker.com/desktop/multi-arch/). This image supports the following architectures:...
Will it be possible to find:
1. the base image involved
2. segregating dependencies from base image and upstream layers?
Will it be possible to filter by package type ?
Will the output describe the layer in which the software was first introduced?
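The three questions above (separating base-image packages from those added by later layers, filtering by package type, and finding the layer a package was first introduced in) can all be answered offline from the document that `docker sbom --format syft-json` writes. The following is an added example, not code from this plugin or from Syft. It assumes the Syft JSON field names `artifacts[].type` and `artifacts[].locations[].layerID`, declares only that subset of the schema, and uses a constructed two-layer SBOM together with a constructed layer list (`SampleLayers`, standing in for the image manifest's layer order) as input.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
)

// Subset of Syft's JSON document (what `docker sbom --format syft-json` writes).
// Only the fields used below are declared; names follow Syft's schema (assumption).
type Location struct {
	Path    string `json:"path"`
	LayerID string `json:"layerID"`
}

type Artifact struct {
	Name      string     `json:"name"`
	Version   string     `json:"version"`
	Type      string     `json:"type"`
	Locations []Location `json:"locations"`
}

type SBOM struct {
	Artifacts []Artifact `json:"artifacts"`
}

// Constructed sample document: layer "sha256:aaaa" stands in for the base image,
// "sha256:bbbb" for an application layer built on top of it. openssl appears in
// both layers (as it would with `--layers all` when the app layer upgraded it).
const sampleSBOM = `{
  "artifacts": [
    {"name": "openssl", "version": "1.1.1k", "type": "deb",
     "locations": [{"path": "/var/lib/dpkg/status", "layerID": "sha256:aaaa"},
                   {"path": "/var/lib/dpkg/status", "layerID": "sha256:bbbb"}]},
    {"name": "curl", "version": "7.74.0", "type": "deb",
     "locations": [{"path": "/var/lib/dpkg/status", "layerID": "sha256:aaaa"}]},
    {"name": "requests", "version": "2.28.1", "type": "python",
     "locations": [{"path": "/usr/lib/python3/dist-packages/requests-2.28.1.dist-info/METADATA", "layerID": "sha256:bbbb"}]},
    {"name": "lodash", "version": "4.17.21", "type": "npm",
     "locations": [{"path": "/app/node_modules/lodash/package.json", "layerID": "sha256:bbbb"}]}
  ]
}`

// SampleLayers is the image's layer list, base first. Constructed to match
// sampleSBOM; in practice read it from the image manifest or `docker image inspect`.
var SampleLayers = []string{"sha256:aaaa", "sha256:bbbb"}

// Parse decodes a Syft JSON document into the subset declared above.
func Parse(data []byte) (*SBOM, error) {
	var s SBOM
	if err := json.Unmarshal(data, &s); err != nil {
		return nil, fmt.Errorf("decode syft json: %w", err)
	}
	return &s, nil
}

// FilterByType keeps only packages of the given Syft package type (e.g. "deb", "npm").
func FilterByType(s *SBOM, pkgType string) []Artifact {
	var out []Artifact
	for _, a := range s.Artifacts {
		if a.Type == pkgType {
			out = append(out, a)
		}
	}
	return out
}

// FirstLayer returns the index in layerOrder and the digest of the earliest layer
// among the artifact's locations; -1 and "" if no location maps to a known layer.
func FirstLayer(a Artifact, layerOrder []string) (int, string) {
	idx := make(map[string]int, len(layerOrder))
	for i, l := range layerOrder {
		idx[l] = i
	}
	best := -1
	for _, loc := range a.Locations {
		if i, ok := idx[loc.LayerID]; ok && (best == -1 || i < best) {
			best = i
		}
	}
	if best == -1 {
		return -1, ""
	}
	return best, layerOrder[best]
}

// SplitByBase separates packages first seen in the base image's layers (the first
// baseLayerCount entries of layerOrder) from those introduced by later layers.
// Packages with no recognisable layer are counted as "added" so they are not hidden.
func SplitByBase(s *SBOM, layerOrder []string, baseLayerCount int) (base, added []Artifact) {
	for _, a := range s.Artifacts {
		i, _ := FirstLayer(a, layerOrder)
		if i >= 0 && i < baseLayerCount {
			base = append(base, a)
		} else {
			added = append(added, a)
		}
	}
	return base, added
}

func main() {
	s, err := Parse([]byte(sampleSBOM))
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	for _, a := range FilterByType(s, "deb") {
		fmt.Printf("deb package: %s %s\n", a.Name, a.Version)
	}
	base, added := SplitByBase(s, SampleLayers, 1)
	fmt.Printf("from base image: %d, added by later layers: %d\n", len(base), len(added))
	for _, a := range s.Artifacts {
		_, layer := FirstLayer(a, SampleLayers)
		fmt.Printf("%s first introduced in layer %s\n", a.Name, layer)
	}
}
```

Caveat for the per-layer attribution: with the plugin's default squashed layer view, a package database such as `/var/lib/dpkg/status` is attributed to the last layer that rewrote it, so every base-image `deb` package can appear to come from a later `apt-get install` layer. When the layer of first introduction matters, generate the document with `--layers all` so each layer's packages are catalogued separately, and treat the base/added split as exact only for package types whose files are not rewritten by later layers.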