Closed MPV closed 3 months ago
@MPV, yes. We have an internal ticket to allow SBOMs to be used as input for the various commands. We’ll likely start with SPDX. Sound good?
Great to hear, music to my ears. 🎶🎷
@MPV, this should be possible now with syft -o spdx-json alpine | docker scout cves sbom://
.
I've run into Docker Scout having issues trying to compare large images in CI:
...so I'd like Docker Scout to be able to compare SBOMs instead of passing entire/large images around.
What's your thoughts on this?