Since the early days of cosign, attaching SBOMs to images has been a common pattern. Since bom can generate SBOMs of images stored in registries, we should add support for reading and pushing SBOMs to the registries.
Given enough credentials, something like this would be awesome:
What would you like to be added:
Since the early days of cosign, attaching SBOMs to images has been a common pattern. Since
bom
can generate SBOMs of images stored in registries, we should add support for reading and pushing SBOMs to the registries.Given enough credentials, something like this would be awesome:
Why is this needed:
Having support for attaching documents saves time and allows for simpler CI/CD workflows.