Generate SBOMs for Hipcheck Distribution Artifacts #171

Open
3 tasks
alilleybrinker opened this issue Jul 1, 2024 · 1 comment
Labels: product: release-flow (Relates to any of our release processes); type: enhancement (New feature or request)

Comments

@alilleybrinker
Collaborator

alilleybrinker commented Jul 1, 2024

Hipcheck today effectively produces three artifacts with each release, each of which should have an SBOM:

  • Hipcheck Docker image published to Docker Hub

Of these, the binaries are probably easiest to produce an SBOM for, but it's the Docker container SBOM we probably care about the most.

This will also involve deciding if we want to produce CycloneDX and/or SPDX SBOMs.

EDIT:

We've decided to wait for these to be resolved by the cargo-dist folks, who are working on automatic SBOM generation.

  • hc binary
  • hc-update binary (produced by cargo-dist)
@mchernicoff
Contributor

We will use SPDX as the intended SBOM standard (for now), in the interest of choosing a standard.

@alilleybrinker alilleybrinker modified the milestones: 3.5.0, 3.7.0, 3.6.0 Aug 5, 2024
@alilleybrinker alilleybrinker modified the milestones: 3.6.0, 3.7.0 Sep 10, 2024
@alilleybrinker alilleybrinker added the product: release-flow Relates to any of our release processes label Sep 11, 2024
@j-lanson j-lanson removed this from the 3.7.0 milestone Sep 18, 2024