nebari-dev / nebari

🪴 Nebari - your open source data science platform
https://nebari.dev
BSD 3-Clause "New" or "Revised" License
267 stars 88 forks

[ENH] - SBOM Generation #2245

Open rigzba21 opened 4 months ago

rigzba21 commented 4 months ago

Feature description

Generate a software-bill-of-materials (SBOM) supply-chain security artifact in CI.

Value and/or benefit

Improve supply-chain security by generating an SBOM artifact in CI.

Anything else?

No response

rigzba21 commented 4 months ago

https://github.com/kyverno/kyverno/blob/03c6635b6c367aa7f56ec0f5f15f3fbb4330f7f8/.github/actions/publish-image/action.yaml#L58-L88 is an example GitHub Actions workflow to generate a CycloneDX format SBOM, signed with cosign.
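As an added example, not code from nebari or from the kyverno workflow linked above: a stand-alone Python script that builds a minimal CycloneDX 1.5 JSON SBOM from a constructed, pip-compile style pinned requirements file, computes the SHA-256 over the serialized document (the value a detached signature such as `cosign sign-blob` binds to), and applies the consumer-side checks a downstream verifier should run before trusting the artifact. The package pins, digests and the `sbom-example` tool name are illustrative assumptions; in a real CI job a generator such as syft would produce the document and cosign would sign it, but spelling the fields out shows what the artifact actually commits the project to (purls, versions, integrity hashes) and why a malformed or unsigned SBOM is worth rejecting.

```python
"""Minimal CycloneDX 1.5 JSON SBOM builder and checker (added example, not
nebari's or kyverno's code). Package pins, digests and the tool name are
constructed for illustration."""
import hashlib
import json
import re
import uuid
from datetime import datetime, timezone
from urllib.parse import quote

# Constructed pip-compile style lock file; the digests are illustrative only.
SAMPLE_REQUIREMENTS = """\
# generated by pip-compile (constructed input, not nebari's real pins)
requests==2.31.0 \\
    --hash=sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f
PyYAML==6.0.1 \\
    --hash=sha256:bfdf460b1736c775f2ba9f6a92bca30bc2095067b8a9d77876d1fad6cc3b4a43
idna==3.6   # unhashed pin: still recorded, but without integrity data
"""

PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s\\#]+)")
HASH_RE = re.compile(r"--hash=([a-z0-9]+):([0-9a-fA-F]+)")
CDX_ALG = {"sha256": "SHA-256", "sha384": "SHA-384", "sha512": "SHA-512"}
HEX_LEN = {"SHA-256": 64, "SHA-384": 96, "SHA-512": 128}


def parse_requirements(text):
    """Return [(name, version, [(algo, hexdigest), ...])] per pinned line.
    Backslash continuations are joined first so --hash options stay with their pin."""
    pins = []
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        m = PIN_RE.match(line)
        if not m:
            continue  # comments, blank lines, unpinned or editable requirements
        hashes = [(algo, hexd.lower()) for algo, hexd in HASH_RE.findall(line)]
        pins.append((m.group(1), m.group(2), hashes))
    return pins


def pypi_purl(name, version):
    """Package URL for a PyPI distribution. The purl spec requires the PEP 503
    normalised name (lowercase, runs of -_. collapsed to -) so that scanners
    match the same identifier regardless of how the pin was spelled."""
    normalised = re.sub(r"[-_.]+", "-", name).lower()
    return f"pkg:pypi/{normalised}@{quote(version, safe='')}"


def build_cyclonedx(pins, tool_name="sbom-example"):
    """Assemble the CycloneDX document. Each component carries a purl (the key
    consumers match against advisories) and any lock-file hashes it had."""
    components = []
    for name, version, hashes in pins:
        purl = pypi_purl(name, version)
        comp = {"type": "library", "bom-ref": purl, "name": name,
                "version": version, "purl": purl}
        cdx_hashes = [{"alg": CDX_ALG[a], "content": d} for a, d in hashes if a in CDX_ALG]
        if cdx_hashes:
            comp["hashes"] = cdx_hashes
        components.append(comp)
    ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "serialNumber": f"urn:uuid:{uuid.uuid4()}",
        "version": 1,
        "metadata": {"timestamp": ts, "tools": [{"name": tool_name}]},
        "components": components,
    }


def canonical_bytes(bom):
    """Deterministic serialisation: the exact bytes that get written to disk,
    hashed and signed. Any later reformatting changes the digest, so sign the
    file as produced and ship that same file."""
    return (json.dumps(bom, sort_keys=True, separators=(",", ":"),
                       ensure_ascii=False) + "\n").encode("utf-8")


def sha256_hex(data):
    """Digest a signer binds to (e.g. what a cosign blob signature covers)."""
    return hashlib.sha256(data).hexdigest()


def check_sbom(bom):
    """Consumer-side sanity checks; returns a list of problems (empty = ok)."""
    problems = []
    if bom.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat is not CycloneDX")
    if not str(bom.get("specVersion", "")).startswith("1."):
        problems.append("unrecognised specVersion")
    if not bom.get("components"):
        problems.append("no components listed")
    seen_refs = set()
    for i, comp in enumerate(bom.get("components", [])):
        purl = comp.get("purl", "")
        if not purl.startswith("pkg:"):
            problems.append(f"component {i} has no valid purl")
        ref = comp.get("bom-ref")
        if ref in seen_refs:
            problems.append(f"duplicate bom-ref {ref}")
        seen_refs.add(ref)
        for h in comp.get("hashes", []):
            alg, content = h.get("alg"), h.get("content", "")
            if HEX_LEN.get(alg) != len(content) or not re.fullmatch(r"[0-9a-f]+", content):
                problems.append(f"component {i}: malformed {alg} hash")
    return problems


if __name__ == "__main__":
    bom = build_cyclonedx(parse_requirements(SAMPLE_REQUIREMENTS))
    data = canonical_bytes(bom)
    print(data.decode("utf-8"))
    print("sha256:", sha256_hex(data), "problems:", check_sbom(bom))
```

The `serialNumber` and `timestamp` make every build unique, so the signature should be taken over the bytes `canonical_bytes` returns and that exact file published alongside the signature; a consumer re-hashes the downloaded file, verifies the signature over that digest, and only then runs `check_sbom` and feeds the purls to a vulnerability scanner.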