Resolve "Add syft json to cosign attestation" (!1039) · Merge requests · Iron Bank / ironbank-pipeline · GitLab

UNCLASSIFIED - NO CUI

Tim Seagren requested to merge 703-attest-syft-json-sbom into master Oct 31, 2022

Merge Request Description

This MR re-adds the Syft JSON-formatted SBOM as an attestation layer to allow the scan-logic stage to succeed again.

Additionally adds a parameter to the generate_sbom function to enable configuring the name.

Merge Request BOE

Risk

Low risk, it's a small change and the scan-logic stage is broken already because this isn't in place yet.

Rollback Plan

Testing

Tested in Zelda

Closes #703 (closed)

UNCLASSIFIED - NO CUI