Justin Chadwell comments

Results 161 comments of


Justin Chadwell

SBOM attestations generation

The one major remaining thing still missing from this is the ability to bundle attestations internally, which will allow the sbom scanning protocol to output sboms in different formats, which...

Have pushed functionality to do attestation bundling to let a generator produce multiple outputs per input. This requires a new version of [jedevc/buildkit-syft-scanner](https://github.com/jedevc/buildkit-syft-scanner/blob/master/Dockerfile).

SBOM attestations generation

Have enhanced the scanning protocol to clarify how multiple refs are scanned at a time. A scan has one "primary" ref to scan (the runtime rootfs), but may contain multiple...

SBOM attestations generation

Have rebased, should be ready to review/merge. I did draft a new commit to maybe pull on top of this: https://github.com/moby/buildkit/commit/d4ced278ba97e3883f91611499e2e1a942663e1d (with the corresponding change https://github.com/jedevc/buildkit-syft-scanner/commit/e6fa1e1944e81de23c653a173e96dd7dde5c82ad). This would change the...

expand env doesn't work when using RUN --mount=type=secret,id=mynetrc,target=/root/.netrc option in Dockerfile

See https://github.com/moby/buildkit/issues/2909: > This was added in 1.3 https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.3.0

expand env doesn't work when using RUN --mount=type=secret,id=mynetrc,target=/root/.netrc option in Dockerfile

Aha, sorry this is a bit more fiddly than I first thought :tada: So actually in case 1: `RUN --mount=type=secret,id=mynetrc,target=~/.netrc cat ~/.netrc` - this isn't doing what you think it's...

[RFC] ADD/COPY scripting improvements

Have you seen https://github.com/moby/moby/issues/35639 (there's also a longer discussion in https://github.com/moby/moby/issues/15858)? The issue proposes a `--parents` flag, similar to the `cp --parents` flag, which I think seems similar in functionality...