Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build: Enable SBOM and SLSA Provenance #1009

Merged
merged 2 commits into from
Jan 30, 2023
Merged

build: Enable SBOM and SLSA Provenance #1009

merged 2 commits into from
Jan 30, 2023

Conversation

stefanprodan
Copy link
Member

@stefanprodan stefanprodan commented Jan 27, 2023

Part of: fluxcd/flux2#3522

To download the SBOM and SLSA Provenance from GHCR:

docker buildx imagetools inspect fluxcd/source-controller:rc-59e061c8 \
    --format "{{ json (index .SBOM \"linux/amd64\").SPDX}}"

docker buildx imagetools inspect fluxcd/source-controller:rc-59e061c8 \
    --format "{{ json (index .Provenance \"linux/amd64\").SLSA}}"

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
@stefanprodan stefanprodan added the area/ci CI related issues and pull requests label Jan 27, 2023
@stefanprodan stefanprodan merged commit b9986fa into main Jan 30, 2023
@stefanprodan stefanprodan deleted the container-sbom branch January 30, 2023 11:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/ci CI related issues and pull requests
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants