henrirosten
commented
9 months ago Thanks, this is a valid reguest. I'll look into this as soon as possible.
Open drupol opened 9 months ago
henrirosten
commented
9 months ago Thanks, this is a valid reguest. I'll look into this as soon as possible.
drupol
commented
9 months ago Cool looking forward to it !!!
henrirosten
commented
8 months ago @drupol: Sorry for the delay in response.
Re-visiting the discussion here: https://discourse.nixos.org/t/generate-sbom-from-oci-container-made-with-nix/39430/14
I believe what you are trying to do cannot be done with sbomnix since it uses nix-store internally, and using nix-store
inside nix-build (in runCommand) will not work due to nix build sandbox.
Changing sbomnix so that it could be used during buildtime would require a major refactor.
If you (or anyone else reading this) have ideas how to workaround this limitation we certainly appreciate any suggestions or contributions.
drupol
commented
8 months ago So sad, thanks for the clear explanation.
Hello,
I'm currently investigating how I could potentially embed SBOMs in OCI containers made with Nix. I would like to use this project which seems quite mature, but I wish I could use it through a Nix API, it would make sense to use it through it when building the container.
I have opened an issue at https://discourse.nixos.org/t/generate-sbom-from-oci-container-made-with-nix/39430, and I'm currently able to do what I want, but I wish I could also evaluate the use of this project too.
Thanks for shedding some lights on this!