-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Some way to pass configuration to SBOM generator #3791
Comments
So I thought about it a bit and maybe environment variables could be supported without adding too much complication. These attributes could look something like:
Or as a full command line argument:
Drawbacks
|
Fixed by #5372 (thanks @LaurentGoderre 🎉) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As one example, syft supports running multiple catalogers in parallel which can substantially speed up generating the SBOM on a system with more than one CPU core. buildkit-syft-scaner hardcodes the default config which forces parallelism to 1. I suppose it could look for the processor count but that's not always reliable or desirable. And since the generator runs in a container it's not possible to pass environment variables, CLI flags, etc without creating a new image.
While the syft scanner is the main one at the moment, it's hard to say if different scanners might need different options and what they might be. And passing arbitrary container configuration via
attest:sbom
could get horribly complex very fast. So this is kind of open-ended, I don't really know what the configuration interface should be.The text was updated successfully, but these errors were encountered: