fjogeleit / trivy-operator-polr-adapter

Creates PolicyReports based on the different Trivy Operator CRDs like VulnerabilityReports


Support `SbomReport`

MPV opened this issue · comments

Thoughts/ideas on supporting SbomReport?

I.e.:

```yaml
apiVersion: aquasecurity.github.io/v1alpha1
kind: SbomReport
```

An instance of the SbomReport represents the latest sbom (software bill of materials) found in a container image of a given Kubernetes workload. It consists of a list of OS package and application bill of material with a summary of components and dependencies.

See:

On second thought, maybe it's not applicable as a "policy report" object, as an SbomReport just contains information about the bill of materials for a particular image / Kubernetes workload.

Unless you disagree, I suppose we can close this one.

For anyone else coming here, here's an example of what I'm rather seeking instead: