Open mthalman opened 1 year ago
I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label.
[Triage] This was first noticed in the https://github.com/dotnet/dotnet-buildtools-prereqs-docker repo where there are some large images that take a long time to run SBOM generation. Some build legs end up pulling down all cached images and not building anything but still continue to run SBOM generation. This can take quite a while (> 20 mins in some cases) vs a relatively small amount of time just to pull the images. So it's completely unnecessary to do these SBOM operations.
[Triage] Slightly related: https://github.com/dotnet/docker-tools/issues/1331
Currently SBOMs are generated for all images relevant to the build job, each for images that were pulled from the cache. This is wasteful because the SBOM was already generated in the original pipeline that published that image. We don't need another one for each subsequent build where it's pulled from the cache.