-
The current copy implementation moves a source artifact to a target. The library needs to support moving references to support the following options
- [ ] copy all references and graph of objects…
-
Hi, I am wondering where to put the Vulnerabilities or CVE info for SBOM packages. In the official document, such reference should be put in [external reference](https://spdx.github.io/spdx-spec/exter…
-
As a consumer of the Stackable products I'd like to have machine readable descriptions available on what's in a specific platform release.
This is done when
- [ ] research has been done on prior a…
-
Proposal says:
> Extend the Image Manifest with a refers field (existing registries should ignore this per OCI's extensibility requirement)
Why not also oci indexes?
-
We are using cpes []{string} instead of cpe string to indicate the metadata dependency in a buildpack that uses packit,
This is working as intended when we use cpe, but breaks when we try to use cpe…
-
I followed the instructions at [CONTRIBUTING.md ](https://github.com/chainguard-dev/apko/blob/main/CONTRIBUTING.md) and ran into a problem when running the tests.
```
[apko] ❯ go test ./...
# run…
-
### Description:
Building a SAM tutorial app inside Docker container fails with "operation not permitted" on recently created [Lima](https://github.com/lima-vm/lima) VMs.
### Steps to reproduc…
-
Trying to build the first example mentioned on a mac pro x86 with docker desktop, but it fails:
```
09:04 $ docker run -v "$PWD":/work distroless.dev/apko build examples/alpine-base.yaml apko-alpi…
-
**What happened**:
The SBOM for a node module is missing dependencies listed as packages in spdx-json format.
**What you expected to happen**:
The SBOM includes all the dependencies listed in…
-
### Description
After upgrading to Docker Desktop 4.13.0 (89412) with Docker Engine 20.10.20, downloading the `postgres:11.2` image using the [CreateImage](https://docs.docker.com/engine/api/v1.41/#t…