Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generate SBOMs during build #814

Merged
merged 20 commits into from
Sep 6, 2024
Merged

Generate SBOMs during build #814

merged 20 commits into from
Sep 6, 2024

Conversation

dervoeti
Copy link
Member

@dervoeti dervoeti commented Aug 27, 2024
edited
Loading

Needed for stackabletech/issues#614

This enables SBOM generation at build time.

Products where SBOM generation did not work yet:

We can look into fixing that at a later point in time. The main value of build time SBOM generation is currently that it helps detecting how a dependency is brought into an image. Since Kafka and the Go-based products are not heavily affected and the fixes for both did not seem to be trivial, I figured that we could skip them for now since SBOM generation for these products won't provide too much value anyway at the moment. We can improve this later, we'll have to adapt SBOM generation continuously for all upcoming product versions anyway.

Another PR related to this one will follow, since this one only places an SBOM as a file inside the image. The other one will enable using this SBOM file to extend our actual published SBOMs with the dependency information (those who are attached to images and shown e.g. in our SBOM browser).

I tested all builds for LTS versions successfully on my local machine and verified that the SBOMs are present.

dervoeti added 13 commits August 7, 2024 11:54
@dervoeti
hbase / phoenix / hbase-operator-tools
7a692fc
@dervoeti
airflow / druid
f589f4d
@dervoeti
Merge branch 'main' of https://github.com/stackabletech/docker-images
f97a0b5 
…into feat/generate-sboms-during-build
@dervoeti
Merge branch 'main' of https://github.com/stackabletech/docker-images
febe345 
…into feat/generate-sboms-during-build
@dervoeti
nifi
7df2a01
@dervoeti
omid
6f029bc
@dervoeti
Merge branch 'main' of https://github.com/stackabletech/docker-images
0106c7d 
…into feat/generate-sboms-during-build
@dervoeti
hadoop / hive / spark / trino
17b13c4
@dervoeti
fix: nifi cyclonedx plugin
628bde6
@dervoeti
fix: hive cyclonedx plugin
812a564
@dervoeti
superset / zookeeper
58ce811
@dervoeti
Merge branch 'main' of https://github.com/stackabletech/docker-images
03d29da 
…into feat/generate-sboms-during-build
@dervoeti
move instead of copy SBOMs
807e849
@dervoeti dervoeti self-assigned this Aug 27, 2024
@dervoeti dervoeti requested a review from a team August 27, 2024 07:31
@lfrancke
Copy link
Member

I'd like to review this next week. If it has time I'd be grateful for that but this is no block or veto. I'll let you decide.

@dervoeti
Copy link
Member Author

Yeah fine with me, sounds like a good idea. Moved to "Track" for now.

@dervoeti dervoeti removed the request for review from a team August 27, 2024 08:32
@dervoeti dervoeti mentioned this pull request Aug 27, 2024
Open
5 tasks
@dervoeti
Copy link
Member Author

I think the builds for product versions where I did not create a patch file that generates the SBOM would fail right now. We can discuss next week if we want to create patch files for those versions as well or make the "move SBOM" steps in the Dockerfiles optional ("only move it if the file exists").

lfrancke
lfrancke reviewed Sep 6, 2024
View reviewed changes
hadoop/stackable/patches/3.4.0/005-cyclonedx-plugin.patch Outdated Show resolved Hide resolved
hive/Dockerfile Outdated Show resolved Hide resolved
airflow/Dockerfile Show resolved Hide resolved
trino/stackable/patches/451/001-cyclonedx-plugin.patch Show resolved Hide resolved
@dervoeti
Copy link
Member Author

dervoeti commented Sep 6, 2024

@lfrancke I fixed the issues mentioned in your comments and added patches for all product versions we currently build.

@dervoeti dervoeti requested a review from lfrancke September 6, 2024 15:04
lfrancke
lfrancke approved these changes Sep 6, 2024
View reviewed changes
Copy link
Member

@lfrancke lfrancke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks good to me but I did not test it myself

@dervoeti dervoeti added this pull request to the merge queue Sep 6, 2024
Merged via the queue into main with commit 07b5f4c Sep 6, 2024
1 of 2 checks passed
@dervoeti dervoeti deleted the feat/generate-sboms-during-build branch September 6, 2024 15:54
This was referenced Sep 6, 2024
Merged
Merged
@dervoeti dervoeti mentioned this pull request Sep 9, 2024
Closed
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lfrancke lfrancke lfrancke approved these changes

Assignees

@dervoeti dervoeti

Labels
release/24.11.0
Projects
Stackable Engineering
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dervoeti @lfrancke