Sboms via convert (!1425) · Merge requests · Iron Bank / ironbank-pipeline

Chad Geary requested to merge sboms-via-convert into master Aug 21, 2024

current:

create 4 SBOM formats in parallel

new:

create 1 SBOM format (syft-json)
use 1 SBOM to syft convert to other 3 formats

syft's SBOM process involves unpacking the image and reading it (slow). The current process does that 4 times. The new process would do it once then convert to other formats (fast).

tests: finished_pipelines-sbom.csv

Sboms via convert

Merge request reports