Implement RFC0044: Disable SBOM #217

Closed
candrews opened this issue Jun 14, 2023 · 1 comment

candrews commented Jun 14, 2023

Describe the Enhancement

This buildpack should opt in to allowing users to disable SBOM generation. In doing so, it should conform to RFC0044.

When BP_DISABLE_SBOM is set to true, buildpacks that allow SBOM to be omitted from their output should refrain from generating or attaching an SBOM in their outputs. This would apply to both new (Syft, CycloneDX, and SPDX formats) and old (label) SBOM outputs.

Additionally, when this variable is set to true, a buildpack should set an image label of io.paketo.sbom.disabled to true. This label interface would allow downstream consumers of the image to understand that SBOM generation had been explicitly disabled.

Possible Solution

Motivation

SBOM generation can take substantial time. There may also be other reasons for wanting this functionality to be disabled.
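How a downstream consumer might act on the io.paketo.sbom.disabled label described in this issue, as an added example that is not part of the issue or the buildpack's code. It assumes the image config is available as a JSON object with Config.Labels, that the label value is the exact string "true", and that the "old (label)" SBOM is the bom array in the io.buildpacks.build.metadata label; the sample inputs are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

const disabledLabel = "io.paketo.sbom.disabled"    // label named in the issue
const legacyLabel = "io.buildpacks.build.metadata" // assumption: holds the legacy "bom" array

// Constructed sample image configs (not taken from a real image).
const sampleDisabled = `{"Config":{"Labels":{"io.paketo.sbom.disabled":"true","io.buildpacks.build.metadata":"{\"bom\":null}"}}}`
const sampleInconsistent = `{"Config":{"Labels":{"io.paketo.sbom.disabled":"true","io.buildpacks.build.metadata":"{\"bom\":[{\"name\":\"jre\"}]}"}}}`
const sampleUnmarked = `{"Config":{"Labels":{"io.buildpacks.build.metadata":"{\"bom\":[{\"name\":\"jre\"}]}"}}}`

// SBOMStatus classifies an image from its labels alone:
//   "disabled"     - SBOM explicitly disabled, no legacy BOM entries left
//   "inconsistent" - marked disabled but legacy BOM entries are still attached
//   "unmarked"     - no disable marker; a missing SBOM is then unexpected
func SBOMStatus(imageConfig []byte) (string, error) {
	var img struct {
		Config struct {
			Labels map[string]string `json:"Labels"`
		} `json:"Config"`
	}
	if err := json.Unmarshal(imageConfig, &img); err != nil {
		return "", fmt.Errorf("parse image config: %w", err)
	}
	if img.Config.Labels[disabledLabel] != "true" { // assumption: exact string "true"
		return "unmarked", nil
	}
	var meta struct {
		BOM []json.RawMessage `json:"bom"`
	}
	if raw, ok := img.Config.Labels[legacyLabel]; ok {
		if err := json.Unmarshal([]byte(raw), &meta); err != nil {
			return "", fmt.Errorf("parse %s: %w", legacyLabel, err)
		}
	}
	if len(meta.BOM) > 0 {
		return "inconsistent", nil
	}
	return "disabled", nil
}

func main() {
	for _, s := range []string{sampleDisabled, sampleInconsistent, sampleUnmarked} {
		fmt.Println(SBOMStatus([]byte(s)))
	}
}
```

An admission or scanning pipeline can use the result to tell an image that opted out of SBOM generation apart from one whose SBOM is simply missing.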

Contributor

dmikusa commented Jun 15, 2023

Closing in favor of paketo-buildpacks/java#1074

@dmikusa dmikusa closed this as completed Jun 15, 2023