What is SBOM
A “software bill of materials” (SBOM), as a key building block in software security and software supply chain risk management, is a nested inventory, a list of ingredients that make up software components.
Docker SBOM reference
https://docs.docker.com/engine/sbom/
Experimental WARNING
The docker sbom command is currently experimental. It may change or be removed in future releases.
Docker sbom plugin
A Docker CLI plugin (docker-sbom, built on Anchore's Syft scanner) is needed to run the sbom command. The install script below is piped straight into sh; review it first if your policy requires it.
# install the docker-sbom plugin
curl -sSfL https://raw.githubusercontent.com/docker/sbom-cli-plugin/main/install.sh | sh -s --
Generate iriusrisk SBOM
Running the command below prints an inventory of every package Syft finds in the image (718 packages for this tag). By default the output is a plain NAME / VERSION / TYPE table; an empty VERSION means the scanner found the artifact but could not determine its version.
# docker sbom continuumsecurity/iriusrisk-prod:tomcat-4
Syft v0.46.3
✔ Loaded image
✔ Parsed image
✔ Cataloged packages [718 packages]
NAME               VERSION   TYPE
FastInfoset        1.2.16    java-archive
HikariCP-java7     2.4.13    java-archive
JavaEWAH           1.1.6     java-archive
US_export_policy             java-archive
aceeditor          0.8.15    java-archive
...
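The table above is meant for reading, not for tooling. For machine-readable output docker sbom accepts --format cyclonedx-json (or spdx-json) and -o to write to a file, e.g. docker sbom --format cyclonedx-json -o tomcat-4.cdx.json continuumsecurity/iriusrisk-prod:tomcat-4. The Python below is an added example, not code from this page or from Docker/IriusRisk: it loads a CycloneDX JSON SBOM, rebuilds the NAME/VERSION/TYPE listing, and diffs two SBOMs to show which packages were added, removed or changed between builds. Both SBOM documents are constructed by hand from the package names in the table above (the "next" build and its com.example component are hypothetical), so the script runs offline.

```python
"""Consume a CycloneDX JSON SBOM such as `docker sbom --format cyclonedx-json` emits.

Added example for this page. The two documents below are constructed from the
package names shown in the table above; they are NOT real `docker sbom` output,
and the "next build" SBOM is hypothetical.
"""
import json
from typing import Dict, NamedTuple, Optional, Tuple


class Component(NamedTuple):
    group: str      # Maven groupId in CycloneDX; "" when the scanner recorded none
    name: str
    version: str    # "" when the SBOM carries no version (e.g. US_export_policy above)
    type: str       # CycloneDX component type: library, application, ...


Key = Tuple[str, str]               # (group, name): a bare name is not unique in Java
Inventory = Dict[Key, Component]

# Constructed stand-in for:
#   docker sbom --format cyclonedx-json -o tomcat-4.cdx.json \
#       continuumsecurity/iriusrisk-prod:tomcat-4
SBOM_CURRENT = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "FastInfoset", "version": "1.2.16"},
        {"type": "library", "name": "HikariCP-java7", "version": "2.4.13"},
        {"type": "library", "name": "JavaEWAH", "version": "1.1.6"},
        {"type": "library", "name": "US_export_policy"},          # no version, as above
        {"type": "library", "name": "aceeditor", "version": "0.8.15"},
    ],
})

# Constructed, hypothetical SBOM of a later build of the same image
SBOM_NEXT = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "FastInfoset", "version": "1.2.16"},
        {"type": "library", "name": "HikariCP-java7", "version": "2.4.13"},
        {"type": "library", "name": "JavaEWAH", "version": "1.1.13"},
        {"type": "library", "name": "aceeditor", "version": "0.8.15"},
        {"type": "library", "group": "com.example", "name": "example-lib", "version": "1.0.0"},
    ],
})


def load_inventory(cyclonedx_json: str) -> Inventory:
    """Index the components of a CycloneDX JSON document by (group, name)."""
    doc = json.loads(cyclonedx_json)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document: bomFormat=%r" % doc.get("bomFormat"))
    inv: Inventory = {}
    for c in doc.get("components", []):
        comp = Component(c.get("group", ""), c["name"], c.get("version", ""), c.get("type", ""))
        inv[(comp.group, comp.name)] = comp
    return inv


def render_table(inv: Inventory) -> str:
    """Re-create the NAME VERSION TYPE listing that `docker sbom` prints by default."""
    rows = sorted(inv.values(), key=lambda c: c.name)   # byte order, like the tool's output
    width = max((len(c.name) for c in rows), default=4)
    lines = ["%-*s %-10s %s" % (width, "NAME", "VERSION", "TYPE")]
    lines += ["%-*s %-10s %s" % (width, c.name, c.version, c.type) for c in rows]
    return "\n".join(lines)


def diff_inventories(old: Inventory, new: Inventory):
    """Return (added, removed, changed) between two SBOMs of the same image lineage."""
    added = {k: new[k].version for k in new.keys() - old.keys()}
    removed = {k: old[k].version for k in old.keys() - new.keys()}
    changed = {k: (old[k].version, new[k].version)
               for k in old.keys() & new.keys() if old[k].version != new[k].version}
    return added, removed, changed


def find_version(inv: Inventory, name: str, group: str = "") -> Optional[str]:
    """Look up one component; None if absent (distinct from "" = present, version unknown)."""
    comp = inv.get((group, name))
    return None if comp is None else comp.version


if __name__ == "__main__":
    cur, nxt = load_inventory(SBOM_CURRENT), load_inventory(SBOM_NEXT)
    print(render_table(cur))
    added, removed, changed = diff_inventories(cur, nxt)
    print("added:", added)
    print("removed:", removed)
    print("changed:", changed)
```

Keying by (group, name) rather than name alone matters on real Java images, where two artifacts can share a name under different groupIds; keying by purl instead would turn every version bump into an add/remove pair, since the version is part of the purl. A component with no version is reported as present-but-unknown ("") so it is not confused with a missing component (None), which is exactly the case the US_export_policy row above illustrates.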