What happened?
The plugin currently does not support the --sbom flag when building Docker images using the buildx command. This flag is used to generate a Software Bill of Materials (SBOM) during the build process, providing critical security and transparency for container images.
Without this option, users must manually generate SBOMs outside of the plugin, leading to a less streamlined workflow and missing out on the benefits of integrated SBOM generation. This reduces visibility into the dependencies and potential security vulnerabilities in the Docker image.
What did you want to happen?
I would like to see the addition of an sbom boolean flag (e.g., --sbom=true) to the plugin configuration for builds using the buildx command. When enabled, this flag would generate an SBOM during the Docker image build process.
Example:
This feature would allow developers to easily include SBOM generation as part of their build pipeline, improving image transparency and security without needing additional manual steps.
More information about the --sbom flag can be found here