Pour tout problème contactez-nous par mail : support@froggit.fr | La FAQ :grey_question: | Rejoignez-nous sur le Chat :speech_balloon:

Skip to content
Snippets Groups Projects
Verified Commit 4be34ef5 authored by Benoît's avatar Benoît
Browse files

Improve sbom attestation

parent 5955bd1b
No related branches found
No related tags found
No related merge requests found
......@@ -36,6 +36,9 @@ include:
skopeo inspect docker://${digest}
trivy image --output /tmp/image.sbom --format cosign-vuln --ignore-unfixed --severity HIGH,CRITICAL ${digest}
cosign attest -y --key hashivault://cosign --predicate /tmp/image.sbom --type=vuln ${digest}
cosign attach sbom --sbom /tmp/image.sbom ${digest}
trivy image -f cyclonedx -o sbom.cdx.json ${digest}
cosign attest -y --key hashivault://cosign --type cyclonedx --predicate sbom.cdx.json ${digest}
trivy image -f spdxjson -o sbom.spdx.json ${digest}
cosign attest -y --key hashivault://cosign --type spdx-json --predicate sbom.spdx.json ${digest}
done
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment