docker / sbom-cli-plugin

Plugin for Docker CLI to support SBOM creation using Syft
Apache License 2.0

Base image and their dependencies #17

Open BahriNipun opened 2 years ago

BahriNipun commented 2 years ago

Will it be possible to find:

  1. the base image involved
  2. Segregating dependencies from base image and upstream layers?

wagoodman commented 2 years ago

Right now the only way to do this is to filter out the SBOM document output from docker sbom manually. However, in the future we are looking at --layer to possibly answer these kinds of questions by adding more kinds of layer selections (see the upstream issue anchore/syft#15, which expands on syft scopes, the same feature as docker sbom --layer).
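
The manual filtering mentioned in the reply above, as an added example that is not part of the thread and not code from docker/sbom-cli-plugin or Syft: it splits the packages of a Syft JSON SBOM by the layerID recorded on each package location. It assumes the base image's layer IDs are already known (BASE_LAYER_IDS and split_by_base_layers are hypothetical names), and the sample SBOM is constructed.

```python
# Added example: partition Syft JSON packages by whether their evidence
# sits in base-image layers. Not code from docker/sbom-cli-plugin or Syft.

# Constructed sample, trimmed to the fields used below. The layer IDs are
# placeholders, not real digests.
SAMPLE_SBOM = {"artifacts": [
    {"name": "musl", "version": "1.2.3",
     "locations": [{"path": "/lib/apk/db/installed", "layerID": "sha256:BASE-1"}]},
    {"name": "flask", "version": "2.2.0",
     "locations": [{"path": "/app/site-packages/flask/METADATA",
                    "layerID": "sha256:APP-1"}]},
    {"name": "openssl", "version": "3.0.7",
     "locations": [{"path": "/lib/apk/db/installed", "layerID": "sha256:BASE-1"},
                   {"path": "/lib/apk/db/installed", "layerID": "sha256:APP-1"}]},
    {"name": "orphan", "version": "0.1", "locations": []},
]}
# Assumption: these were read from the base image itself and use the same
# identifier form as the SBOM's layerID values.
BASE_LAYER_IDS = ["sha256:BASE-1", "sha256:BASE-2"]


def split_by_base_layers(sbom, base_layer_ids):
    """Bucket 'name@version' strings into base / upper / mixed / unknown."""
    base = set(base_layer_ids)
    buckets = {"base": [], "upper": [], "mixed": [], "unknown": []}
    for art in sbom.get("artifacts", []):
        layers = {loc["layerID"] for loc in art.get("locations", [])
                  if loc.get("layerID")}
        if not layers:
            key = "unknown"      # no layer evidence: do not guess
        elif layers <= base:
            key = "base"         # every location is in a base layer
        elif layers.isdisjoint(base):
            key = "upper"        # added by layers built on top of the base
        else:
            key = "mixed"        # present in both, e.g. changed after the base
        buckets[key].append(f"{art.get('name')}@{art.get('version')}")
    return buckets


if __name__ == "__main__":
    for bucket, pkgs in split_by_base_layers(SAMPLE_SBOM, BASE_LAYER_IDS).items():
        print(f"{bucket:8} {', '.join(pkgs) or '-'}")
```

When only the squashed view is catalogued, a package database file rewritten by a later layer can carry that later layer's ID, so packages inherited from the base may be reported under `upper`.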