docker/buildkit-syft-scanner

BuildKit Syft scanner

This repo packages the Syft scanner as a BuildKit SBOM generator to include scan results with the output of Docker builds.

The docker/buildkit-syft-scanner image implements the BuildKit SBOM scanner protocol defined in the BuildKit documentation.

Usage

To scan an image during build with buildctl:

$ buildctl build ... \
    --output type=image,name=<image>,push=true \
    --opt attest:sbom=generator=docker/buildkit-syft-scanner
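
A check a pipeline can run on the SBOM attestation once it has been exported to a file, shown as an added example that is not part of this repository's code. It assumes the attestation is an in-toto statement with an SPDX predicate; the struct fields, the CheckSBOM name and the sample document are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// statement: assumed in-toto wrapper around an SPDX document (shape not given on this page).
type statement struct {
	PredicateType string `json:"predicateType"`
	Subject       []struct {
		Name   string            `json:"name"`
		Digest map[string]string `json:"digest"`
	} `json:"subject"`
	Predicate struct {
		Packages []struct {
			Name string `json:"name"`
		} `json:"packages"`
	} `json:"predicate"`
}

// sample is constructed for this example; it is not output from a real build.
const sample = `{"_type":"https://in-toto.io/Statement/v0.1","predicateType":"https://spdx.dev/Document",
 "subject":[{"name":"example-image","digest":{"sha256":"constructed-placeholder"}}],
 "predicate":{"spdxVersion":"SPDX-2.3","packages":[{"name":"busybox"},{"name":"musl"}]}}`

// CheckSBOM returns the package count, or an error when the attestation is unusable as evidence.
func CheckSBOM(raw []byte) (int, error) {
	var s statement
	if err := json.Unmarshal(raw, &s); err != nil {
		return 0, fmt.Errorf("attestation is not valid JSON: %w", err)
	}
	if s.PredicateType != "https://spdx.dev/Document" {
		return 0, fmt.Errorf("unexpected predicateType %q", s.PredicateType)
	}
	if len(s.Subject) == 0 {
		return 0, fmt.Errorf("statement names no subject")
	}
	for _, sub := range s.Subject {
		if len(sub.Digest) == 0 {
			return 0, fmt.Errorf("subject %q carries no digest", sub.Name)
		}
	}
	if len(s.Predicate.Packages) == 0 {
		return 0, fmt.Errorf("SBOM lists no packages")
	}
	return len(s.Predicate.Packages), nil
}

func main() {
	fmt.Println(CheckSBOM([]byte(sample)))
}
```

An empty package list is treated as a failure because a scan that produced nothing is indistinguishable from a scan that did not run against the intended filesystem.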

Development

buildkit-syft-scanner uses bake to build the project.

To set up a development environment, clone the git repository:

$ git clone https://github.com/docker/buildkit-syft-scanner.git
$ cd buildkit-syft-scanner

It's recommended to set up an ephemeral local registry to push the development image to:

$ docker run -d -p 5000:5000 --rm --name registry registry:2

To build the development image, and push it to localhost:5000/buildkit-syft-scanner:dev:

$ make dev IMAGE=localhost:5000/buildkit-syft-scanner:dev

To test the development image:

$ make examples IMAGE=localhost:5000/buildkit-syft-scanner:dev

To scan an image during build with buildctl using the development image:

$ buildctl build ... \
    --output type=image,name=<image>,push=true \
    --opt attest:sbom=generator=localhost:5000/buildkit-syft-scanner:dev

Contributing

Want to contribute? Awesome!

buildkit-syft-scanner is mostly glue between BuildKit and Syft, so contributions will most likely belong in one of those projects. This project is intended to be as thin a compatibility layer as possible, so we have a strong preference for as little code here as possible.