Open rchincha opened 4 months ago
trivy sbom <sbom-file>
^ first cut, for remote cloud storage case.
Hi @rchincha
I am willing to work on this issue.
From what I can understand, we have a ScanImage method which has been implemented for trivy.
I think the following logic flow will satisfy this requirement:
trivy
- to be implemented
Please let me know if I can proceed with the implementation.
Is your feature request related to a problem? Please describe.
zot has support for OCI artifacts (v1.1.0) and when a SBOM is pushed, we can leverage the SBOM scanning ability from trivy to do:
Describe the solution you'd like
If remote storage is detected and a SBOM artifact is found, then use that for CVE scans.
Describe alternatives you've considered
No response
Additional context
No response