vulnerability-operator icon indicating copy to clipboard operation
vulnerability-operator copied to clipboard

Published 20 hours ago verified publisher icon ckotzbauer

Support for OCI Registries

Open nlamirault opened this issue 1 year ago • 6 comments

Hi, according to the documentation: This operator scans all SBOMs from a git-repository for vulnerabilities using Grype

The sbom-operator could generate a SBOM and store it into an OCI-Registry.

Do you think it is possible to support OCI Registry in vulnerability-operator

nlamirault avatar May 02 '23 11:05 nlamirault

Hi @nlamirault, thanks for your feature-request. Yes, it is of course possible to add an OCI-Target to this project. Which information in which format do you wish to store?

ckotzbauer avatar May 02 '23 18:05 ckotzbauer

i would like to do:

  • the sbom-operator generate SBOM, and store it into an OCI Registry
  • the vulnerability-operator load SBOM from this OCI Registry and execute a scan.

nlamirault avatar May 03 '23 04:05 nlamirault

Okay, you want OCI-Support as source instead of as target. Yes, this might also be possible.

ckotzbauer avatar May 03 '23 05:05 ckotzbauer

This issue is stale because it has been open 90 days with no activity. Remove stale label with /remove-lifecycle stale or comment or this will be closed in 5 days.

github-actions[bot] avatar Aug 02 '23 00:08 github-actions[bot]

any news on this feature @ckotzbauer ?

nlamirault avatar Aug 14 '23 16:08 nlamirault

No, not yet. I did not forget this feature, but had no time to implement it yet.

ckotzbauer avatar Aug 17 '23 04:08 ckotzbauer