CycloneDX / cdxgen

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server.
https://cyclonedx.github.io/cdxgen/
Apache License 2.0

Persist the metadata about the container image and its layers #196

Open prabhu opened 1 year ago

prabhu commented 1 year ago

Currently, the metadata about the image is collected but used only for untarring. This could be passed back via the metadata section and properties block.

prabhu commented 1 year ago

Layer manifest information is now available in the metadata block for oci type scans. There is, however, a known limitation with scans involving multiple images where the last scanned image would essentially replace this section. I will keep this open unless someone screams about this limitation.