Please enter url.
In April 2022 Justin Cormack, CTO of Docker announced that Docker was adding support to generate a Software Bill of Materials (SBOM) for container ima

How to add a Software Bill of Materials (SBOM) to your containers with GitHub Actions

submited by
Style Pass
2023-01-25 16:30:05

In April 2022 Justin Cormack, CTO of Docker announced that Docker was adding support to generate a Software Bill of Materials (SBOM) for container images.

An SBOM is an inventory of the components that make up a software application. It is a list of the components that make up a software application including the version of each component. The version is important because it can be cross-reference with a vulnerability database to determine if the component has any known vulnerabilities.

Many organisations are also required to company with certain Open Source Software (OSS) licenses. So if SBOMs are included in the software they purchase or consume from vendors, then it can be used to determine if the software is compliant with their specific license requirements, lowering legal and compliance risk.

Docker's enhancements to Docker Desktop and their open source Buildkit tool were the result of a collaboration with Anchore, a company that provides a commercial SBOM solution.

Read more actuated.dev...
Share :  
Leave a Comment
Related Posts

Waiting for dependencies in tests

Comment

Ivan Velichko on Twitter: "How to grasp Containers and Docker (Mega Thread) When I started using containers back in 2015, I thought they were tiny virtual machines with a subsecond startup time. It was easy to follow tutorials from the Internet on how to put your Python or Node.js app into a container..."

Comment

Maine law shifts recycling costs to packaging producers

Comment

The Bottlerocket AMI for Amazon ECS is now Generally Available

Comment

LinuxKit as a Commodity for Building Linux Distributions

Comment

Automatically publishing your build artifacts | agateau.com

Comment

hashicorp / vagrant

Comment

Apple Says NeuralHash Tech Impacted by 'Hash Collisions' Is Not the Version Used for CSAM Detection

Comment

Skilled Workers Are Scarce, Posing a Challenge for Biden’s Infrastructure Plan

Comment

Amtrak might add more than 50 new routes. But they still won't be faster than a car

Comment
Recent Posts

Talos built Sonic to reduce the time it takes to read and write data from the network with minimal latency

Comment

Working with stacked commits in GitHub with Sapling

Comment

Discovering and Diagnosing a Google AdSense Rendering Bug

Comment

Microsoft says cloud AI demand is exceeding supply even after 79% surge in capital spending

Comment

In constantly reaching for past parallels to explain our peculiar times we miss the real lessons of the master historian

Comment

16-year-old child of billionaire tech CEO reported missing

Comment

DRINK ME: (Ab)Using a LLM to compress text

Comment

Russia stands alone in vetoing UN resolution on nuclear weapons in space

Comment

GMB launches legal action against ‘out of control’ Amazon at Coventry warehouse

Comment

UK's Investigatory Powers Bill to become law despite tech world opposition

Comment

TikTok ban could escalate US-China trade war, ex-White House CIO tells The Reg

Comment

ByteDance 'would rather' torpedo TikTok than sell it off

Comment

Pharo - Pharo 12 Released!

Comment

THE UNIVERSE AS A COMPUTER, John Archibald Wheeler

Comment

Qwen1.5-110B: The First 100B+ Model of the Qwen1.5 Series

Comment

Michael’s Substack

Comment

Give Your App Shortcut Icons The Color They Deserve

Comment

Python Enhancement Proposals

Comment

watchID - Identify Any Watch with a picture - powered by Horoview.com

Comment

Mass claim case launched against Apple for deliberately slowing its iPhones

Comment