cdupuis
commented
4 months ago @MPV, yes. We have an internal ticket to allow SBOMs to be used as input for the various commands. We’ll likely start with SPDX. Sound good?
Closed MPV closed 3 months ago
cdupuis
commented
4 months ago @MPV, yes. We have an internal ticket to allow SBOMs to be used as input for the various commands. We’ll likely start with SPDX. Sound good?
MPV
commented
4 months ago Great to hear, music to my ears. 🎶🎷
cdupuis
commented
3 months ago @MPV, this should be possible now with syft -o spdx-json alpine | docker scout cves sbom://.
I've run into Docker Scout having issues trying to compare large images in CI:
...so I'd like Docker Scout to be able to compare SBOMs instead of passing entire/large images around.
What's your thoughts on this?