Conform to Paketo RFC0038: Generate SBOM on filesystem as well as label metadata

Question

Conform to Paketo RFC0038: Generate SBOM on filesystem as well as label metadata

robdimsdale opened this issue 3 years ago · comments

Rob Dimsdale-Zucker commented 3 years ago

To implement Paketo RFC0038, this buildpack will need to store SBOM information the filesystem in addition to the layer metadata. The RFC outlines what these files are and what they should contain.

See also paketo-buildpacks/python#399.

See the nodejs buildpack integration tests for an example on how to test this.

Rob Dimsdale-Zucker · Answer 1 · Wed Dec 15 2021 06:26:26 GMT+0800 (China Standard Time)

@paketo-buildpacks/python-maintainers can you assign this to me please?

Rob Dimsdale-Zucker · Answer 2 · Thu Feb 10 2022 05:25:38 GMT+0800 (China Standard Time)

Update: we will wait for first-class support in pack (and hence occam) before implementing this. We will support both the metadata/label format and the filesystem format via packit/v2.

Marking this as blocked until occam testing framework is available.

Rob Dimsdale-Zucker · Answer 3 · Tue Mar 29 2022 22:10:20 GMT+0800 (China Standard Time)

This is now unblocked as the requisite features are available in packit.

See the nodejs buildpack integration tests for an example on how to test this.