Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

include kodata file hashes into SBOMs? #656

Open
mattmoor opened this issue Mar 18, 2022 · 2 comments
Open

include kodata file hashes into SBOMs? #656

mattmoor opened this issue Mar 18, 2022 · 2 comments
Labels
enhancement New feature or request lifecycle/frozen sbom Related to generation of SBOMs

Comments

@mattmoor
Copy link
Collaborator

Right now our SBOMs only track the Go binary, but we include static assets via kodata today, and those aren't represented. I think for our SBOM(s) to be truly complete we need to include kodata as well.

cc @puerco @jdolitsky @imjasonh @jonjohnsonjr
@mattmoor mattmoor added the enhancement New feature or request label Mar 18, 2022
@imjasonh imjasonh added the sbom Related to generation of SBOMs label Mar 28, 2022
@github-actions
Copy link

This issue is stale because it has been open for 90 days with no
activity. It will automatically close after 30 more days of
inactivity. Keep fresh with the 'lifecycle/frozen' label.

@mattmoor
Copy link
Collaborator Author

Was talking to @puerco about having "layer" packages, and while it is probably overkill for what we have right now, it may make sense when we do this to note that we have a layer containing the Go binary and a layer containing the kodata files.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request lifecycle/frozen sbom Related to generation of SBOMs
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@imjasonh @mattmoor