
[EPIC] SBOM integration #19130

Closed
chlins opened this issue Aug 9, 2023 · 6 comments

Comments

@chlins
Member

chlins commented Aug 9, 2023

Background

SBOM (Software Bill of Materials) is becoming increasingly important in the software development and supply chain ecosystem. It provides a comprehensive and structured inventory of the components and dependencies used in a software application. The significance of SBOM lies in its ability to enhance transparency, security, and compliance throughout the software development lifecycle.

In the context of Harbor, supporting SBOM brings significant benefits. As a trusted container registry, Harbor can act as a central hub for storing and managing SBOM information. By integrating SBOM generation and storage capabilities into Harbor, organizations gain a centralized and standardized approach to managing their software supply chain. Developers and security teams can easily access SBOM information, analyze dependencies, and make informed decisions regarding security patches, updates, or component replacements.

Related requirement issues

Tasks

Considering the overall changes and workload involved in this feature, we considered breaking down tasks into different phases and delivering the feature in multiple release versions.

Frontend

Backend

@chlins chlins self-assigned this Aug 9, 2023
@chlins chlins changed the title SBOM integration [EPIC] SBOM integration Aug 9, 2023
@github-actions

github-actions bot commented Oct 8, 2023

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.


This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

@github-actions github-actions bot added the Stale label Dec 18, 2023
@Reamer

Reamer commented Dec 19, 2023

Still needed.

@bedla

bedla commented Mar 8, 2024

Hi, will it be possible to upload SBOM and not only generate it?

My use case is that I have a GraalVM native build with an SBOM generated at build time and currently saved into Artifactory. This also applies to any other native build, such as Go, C, etc.

Some more detail about the use case I described here: aquasecurity/trivy#6288

What do you think?

Thx

Ivos

@PiotrIzak

Feature is still needed.

@sambonbonne

Hello, I have the same use case as @bedla: I build a native image (GraalVM) with Gradle and Nx, so Harbor doesn't detect dependency vulnerabilities. I am able to generate an SBOM apart from the image file, but I don't find a way to upload it directly to Harbor.


No branches or pull requests

7 participants