Upload SBOM to a useful location #3

Open
kzantow opened this issue Aug 25, 2021 · 1 comment
Labels
enhancement New feature or request

Comments

Contributor

kzantow commented Aug 25, 2021

If a scan is run on an image in a registry, for example, it might be useful to sign the SBOM with Sigstore and upload it to a known artifact location so users are able to associate images with this trusted information.

NOTE: this is likely to require some additional configuration options for pushing to registries, using a signing key, etc., and may be better served as a separate action.

@kzantow kzantow added the enhancement New feature or request label Aug 25, 2021
Contributor

luhring commented Sep 15, 2021

I love this. I could see it as a separate action, as you point out, but I also like the idea of combining it here as an optional step (but automatic once configured), for the sake of "making it easy to do security right".
