You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Implement RFC 0044 by checking for BP_DISABLE_SBOM as one of the first things in build.go and, if set, return early.
Possible Solution
This needs support in both libpak and libbs. Any point where we generate SBOM information or run syft (or other tools), needs to be aware of the opt-out and should skip generating SBOM information.
In addition, the container needs to be flagged as having opted out of SBOM generation so it's clear this was due to a user request.
Motivation
At the moment, this remains unclear. If you find this issue and it is of interest to you. Please post a comment and include some details about why you'd like this setting, your use case and how it impacts you. If we get enough user interest, we can implement this feature.
The text was updated successfully, but these errors were encountered:
I don't think that the linked issue asks for disabling SBoM globally. The maven cyclonedx plug-in will only be able to provide insights into the the bom of the app. This cannot replace e.g. the libjvm buildpacks to provide the jvm sbom information.
Describe the Enhancement
Implement RFC 0044 by checking for BP_DISABLE_SBOM as one of the first things in build.go and, if set, return early.
Possible Solution
This needs support in both libpak and libbs. Any point where we generate SBOM information or run
syft
(or other tools), needs to be aware of the opt-out and should skip generating SBOM information.In addition, the container needs to be flagged as having opted out of SBOM generation so it's clear this was due to a user request.
Motivation
At the moment, this remains unclear. If you find this issue and it is of interest to you. Please post a comment and include some details about why you'd like this setting, your use case and how it impacts you. If we get enough user interest, we can implement this feature.
The text was updated successfully, but these errors were encountered: