Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Please add FOSS Disclosure for your container release #160

Closed
schr3gl3j opened this issue Aug 30, 2024 · 2 comments · Fixed by #168
Closed

Please add FOSS Disclosure for your container release #160

schr3gl3j opened this issue Aug 30, 2024 · 2 comments · Fixed by #168

Comments

@schr3gl3j
Copy link
Member

please add foss disclosure for your container release.

Julian Schregle julian.schregle@mercedes-benz.com, Mercedes-Benz Tech Innovation GmbH, legal info/Impressum
@bavarianbidi
Copy link
Member

@schr3gl3j what does that exactly mean?

We already add a SBOM document to our release. Should we push that beside the container image into the registry and publish the container image with that reference?

do you have some documentation how to do that?

@schr3gl3j
Copy link
Member Author

yes I have seen the SBOM, but there are copyright notices missing and we found additional components in the docker container that are not included in the SBOM.
As of now there are no suitable guides/checklists for the distribution of binaries or containers and this should be tackled from our side too, together with the garm-operator maintainer team :)

@rafalgalaw rafalgalaw mentioned this issue Sep 24, 2024
Merged
rafalgalaw added a commit that referenced this issue Sep 25, 2024
@rafalgalaw
fix: foss scan (#168)
61ed739 
fixes #160 
- New generation of notices file with copyright info which is required
by our FOSS guidluines
- pin actions to specific sha version
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: foss scan mercedes-benz/garm-operator
2 participants
@bavarianbidi @schr3gl3j