What is SBOM
A “software bill of materials” (SBOM), as a key building block in software security and software supply chain risk management, is a nested inventory, a list of ingredients that make up software components.
Docker SBOM reference
The docker sbom command is currently experimental. It may change or be removed in future releases.
Docker sbom plugin
A Docker CLI plugin is needed to run the sbom command. The upstream install script fetches it and places it where Docker looks for plugins:

# install the docker-sbom plugin
curl -sSfL https://raw.githubusercontent.com/docker/sbom-cli-plugin/main/install.sh | sh -s --
Generate IriusRisk SBOM
Running the command below scans the image and prints the inventory of packages it found:
# docker sbom continuumsecurity/iriusrisk-prod:tomcat-4
 ✔ Loaded image
 ✔ Parsed image
 ✔ Cataloged packages      [718 packages]

NAME              VERSION   TYPE
FastInfoset       1.2.16    java-archive
HikariCP-java7    2.4.13    java-archive
JavaEWAH          1.1.6     java-archive
aceeditor         0.8.15    java-archive
...
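The table above is meant for reading; for tracking drift between image builds you want the machine-readable form. The following is an added example (not part of the original article or the docker sbom plugin) that diffs two CycloneDX SBOMs as written by `docker sbom --format cyclonedx-json --output sbom.json continuumsecurity/iriusrisk-prod:tomcat-4`; the two documents below are constructed inline (trimmed to the fields used, with one hypothetical later build) so the script runs offline.

```python
import json
from typing import Dict

# Constructed sample of a CycloneDX JSON SBOM; the components mirror the first
# rows of the table output above (purl and other fields omitted).
SBOM_TOMCAT_4 = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "FastInfoset", "version": "1.2.16"},
        {"type": "library", "name": "HikariCP-java7", "version": "2.4.13"},
        {"type": "library", "name": "JavaEWAH", "version": "1.1.6"},
        {"type": "library", "name": "aceeditor", "version": "0.8.15"},
    ],
})

# Constructed, hypothetical later build: one library bumped, one dropped,
# one new dependency ("newlib") pulled in.
SBOM_NEXT_BUILD = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "HikariCP-java7", "version": "2.4.14"},
        {"type": "library", "name": "JavaEWAH", "version": "1.1.6"},
        {"type": "library", "name": "aceeditor", "version": "0.8.15"},
        {"type": "library", "name": "newlib", "version": "1.0.0"},
    ],
})


def load_components(sbom_json: str) -> Dict[str, str]:
    """Map component name -> version from a CycloneDX JSON document."""
    doc = json.loads(sbom_json)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return {c["name"]: c.get("version", "") for c in doc.get("components", [])}


def diff_sboms(old_json: str, new_json: str) -> Dict[str, object]:
    """Report dependencies added, removed or re-versioned between two SBOMs."""
    old, new = load_components(old_json), load_components(new_json)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": {n: (old[n], new[n])
                    for n in sorted(set(old) & set(new)) if old[n] != new[n]},
    }


if __name__ == "__main__":
    print(json.dumps(diff_sboms(SBOM_TOMCAT_4, SBOM_NEXT_BUILD), indent=2))
```

Pointing both inputs at real SBOM files lets a pipeline fail a build when a dependency appears or changes version without a matching change in the source tree.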