store image annotations inside the SBOM #2267

Closed
noqcks opened this issue Oct 29, 2023 · 3 comments · Fixed by #2294
Labels
enhancement New feature or request

Comments

Contributor

noqcks commented Oct 29, 2023

What would you like to be added:

I would like to be able to store a container's labels/annotations inside a syft generated SBOM.

For example, the image mongo:4.4 contains these labels/annotations which are set by its base image ubuntu:focal:

```
$ docker inspect mongo:4.4 | jq ".[0].Config.Labels"
{
  "org.opencontainers.image.ref.name": "ubuntu",
  "org.opencontainers.image.version": "20.04"
}
```

which could be stored inside a CycloneDX SBOM in the properties field like:

```
"properties": [
        {
            "name": "syft:image:annotation:org.opencontainers.image.ref.name",
            "value": "ubuntu"
        },
        {
            "name": "syft:image:annotation:org.opencontainers.image.version",
            "value": "20.04"
        }
        ...
 ]
```

Why is this needed:

It would be nice to see what base image a container is using, as well as other metadata. This solves #1199.
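
The mapping proposed in the post above, as an added example that is not part of the original issue and is not syft's own code: it turns `docker inspect` labels into CycloneDX-style properties and reads a base-image hint back out of them. The `syft:image:annotation:` prefix is the naming proposed in the issue; the function names and the second sample image are assumptions made for illustration.

```python
import json

# Property-name prefix as proposed in the issue (not confirmed here as syft's final naming).
PREFIX = "syft:image:annotation:"

# Constructed sample: trimmed `docker inspect` output. The first entry mirrors the
# labels shown in the issue; the second is a made-up image with no labels at all.
SAMPLE_INSPECT = json.loads("""
[
  {"RepoTags": ["mongo:4.4"],
   "Config": {"Labels": {"org.opencontainers.image.version": "20.04",
                         "org.opencontainers.image.ref.name": "ubuntu"}}},
  {"RepoTags": ["scratch-app:1.0"], "Config": {"Labels": null}}
]
""")


def labels_to_properties(image):
    """Map one `docker inspect` entry to a sorted list of name/value properties."""
    # Config.Labels is null (None) when an image carries no labels.
    labels = (image.get("Config") or {}).get("Labels") or {}
    return [{"name": PREFIX + key, "value": str(labels[key])} for key in sorted(labels)]


def annotations_from_properties(properties):
    """Recover the label map from a properties list, ignoring unrelated properties."""
    out = {}
    for prop in properties:
        name = prop.get("name", "")
        if name.startswith(PREFIX):
            out[name[len(PREFIX):]] = prop.get("value", "")
    return out


def base_image_hint(properties):
    """Return 'name:version' from the two OCI labels, or None if either is missing."""
    ann = annotations_from_properties(properties)
    name = ann.get("org.opencontainers.image.ref.name")
    version = ann.get("org.opencontainers.image.version")
    return f"{name}:{version}" if name and version else None


if __name__ == "__main__":
    for image in SAMPLE_INSPECT:
        props = labels_to_properties(image)
        print(image["RepoTags"][0], json.dumps(props, indent=2), base_image_hint(props))
```

Labels are inherited from the base image and can be overwritten by any later build step, so the recovered value is a hint about the base image rather than verified provenance.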


captn3m0 commented Nov 9, 2023

This is a great addition. Thanks @noqcks!

Contributor Author

noqcks commented Nov 9, 2023

👊 thanks @captn3m0!

@shresthaujjwal

Thanks @captn3m0, any idea if we can have labels in SPDX too?

4 participants