CycloneDX / cdxgen

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Google chat: https://chat.google.com/room/AAAA6l2dO60?cls=7
https://cyclonedx.github.io/cdxgen/
Apache License 2.0

container: support passing registry aliases for substitution in pre-bom stage #1308

Open setchy opened 2 months ago

setchy commented 2 months ago

We make extensive use of workspace global env variables to define our $PRIVATE_ARTIFACT_REGISTRY, which is used in image statements such as $PRIVATE_ARTIFACT_REGISTRY/node:latest

This enhancement suggestion is to support providing a list of registry aliases that will be substituted during the BOM process.

The equivalent of this in Renovate is documented here - https://docs.renovatebot.com/configuration-options/#registryaliases

prabhu commented 2 months ago

I am also open to adding a parser for Renovate and Dependabot configuration. We can gradually expand on support for formulation, and settings like these would help.
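
The substitution requested in this issue, sketched as an added example (not cdxgen's code and not part of the thread). The function names, the alias map and the Dockerfile lines are constructed for illustration; an alias is replaced only when it is the registry prefix, and unknown variables are flagged rather than guessed.

```javascript
// Constructed alias map (alias -> real registry); the value is a placeholder.
const registryAliases = {
  "$PRIVATE_ARTIFACT_REGISTRY": "registry.example.internal/docker",
};

// Hypothetical helper: substitute an alias only when it is the registry
// prefix of the reference, i.e. immediately followed by "/".
function resolveImageAlias(imageRef, aliases) {
  // Treat ${NAME} and $NAME as the same spelling.
  const ref = imageRef.trim().replace(/\$\{(\w+)\}/g, "$$$1");
  // Longest alias first, so a "$HOST/$PROJECT" key wins over a "$HOST" key.
  const names = Object.keys(aliases).sort((a, b) => b.length - a.length);
  for (const name of names) {
    if (ref.startsWith(name + "/")) {
      return { image: aliases[name] + ref.slice(name.length), resolved: true };
    }
  }
  // A leftover "$" means an unknown variable: flag it instead of guessing,
  // so the BOM never records a placeholder as if it were a real registry.
  return { image: ref, resolved: !ref.includes("$") };
}

// Hypothetical helper: collect and resolve the base images of a Dockerfile.
function resolveDockerfileImages(dockerfileText, aliases) {
  const stages = new Set();
  const results = [];
  for (const line of dockerfileText.split(/\r?\n/)) {
    // FROM [--flag=value ...] <image> [AS <stage>]
    const m = /^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?/i.exec(line);
    if (!m) continue;
    // "FROM build" pointing at an earlier stage is not an image reference.
    if (!stages.has(m[1].toLowerCase())) results.push(resolveImageAlias(m[1], aliases));
    if (m[2]) stages.add(m[2].toLowerCase());
  }
  return results;
}

// Constructed sample input.
const sampleDockerfile = [
  "FROM ${PRIVATE_ARTIFACT_REGISTRY}/node:latest AS build",
  "FROM --platform=linux/amd64 $PRIVATE_ARTIFACT_REGISTRY/nginx:1.27",
  "FROM build",
  "FROM $UNKNOWN_REGISTRY/alpine:3.20",
].join("\n");
console.log(resolveDockerfileImages(sampleDockerfile, registryAliases));
```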