Source: www.docker.com
Generating SBOMs for Your Image with BuildKit
The latest release series of BuildKit, v0.11, introduces support for build-time attestations and SBOMs, allowing publishers to create images with records of how the image was built. In this blog post, we’ll discuss what attestations and SBOMs are, how to build images that contain SBOMs, and how to start analyzing the resulting data!
You can check that the new builder is configured correctly, and ensure it matches the buildkit v0.11 release series: $ docker buildx inspect | grep -i buildkit Buildkit: v0.11.1
Here’s how you view the generated SBOM using buildx imagetools: $ docker buildx imagetools inspect
If your target image is built for multiple architectures using the https://docs.docker.com/engine/reference/commandline/buildx_build/#platform, then you’ll need a slightly different syntax to extract the SBOM attestation: $ docker buildx imagetools inspect
You can check that the new builder is configured correctly, and ensure it matches the buildkit v0.11 release series: $ docker buildx inspect | grep -i buildkit Buildkit: v0.11.1
Here’s how you view the generated SBOM using buildx imagetools: $ docker buildx imagetools inspect
If your target image is built for multiple architectures using the https://docs.docker.com/engine/reference/commandline/buildx_build/#platform, then you’ll need a slightly different syntax to extract the SBOM attestation: $ docker buildx imagetools inspect
Related Articles
Community Partners
DevOps Careers