Feature: Generate EOS SBOM and write it in the attestation #311

Open
drasko opened this issue Nov 13, 2024 · 0 comments
drasko commented Nov 13, 2024

Is your feature request related to a problem? Please describe.

No

Describe the feature you are requesting, as well as the possible use case(s) for it.

Use Syft to generate an SBOM of our EOS image (maybe with a post-build script). Additionally, the agent can probably do this either on boot or on demand via API (so as not to waste time on every boot). Use the SPDX SBOM format. See if we can use the Attestation Measurement to hold the SBOM hash or something (as we pre-calculated it when we were generating the EOS image), and then the Agent can compare this.

Additionally, research Grype and see how we can use it and combine it with RA.

Overall, the idea is that EOS should be clearly known and explained to the users (via SBOMs) so that they can have confidence in the TCB.

Indicate the importance of this feature to you.

Must-have

Anything else?

No response
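The build-time / verify-time split the issue sketches (Syft produces an SPDX SBOM at image build, its hash is recorded alongside the attestation measurement, Grype scans the SBOM, and the agent later re-hashes the shipped SBOM and compares) as an added shell example. This is not code from the cocos project or the issue author; the rootfs path, output file name, and the `eos_sbom_*` function names are assumptions, and the Syft/Grype invocations use only documented CLI syntax (`syft dir:<path> -o spdx-json=<file>`, `grype sbom:<file> --fail-on high`).

```sh
#!/bin/sh
# Added example, not part of the cocos project: SBOM generation at EOS image
# build time and hash verification at boot / on API request.
# Assumed layout: ROOTFS_DIR is the extracted EOS root filesystem and
# SBOM_PATH is where the SPDX document is shipped inside the image.
set -eu

SBOM_PATH="${SBOM_PATH:-/var/lib/eos/eos.spdx.json}"   # assumed location

# Portable SHA-256 of a file (coreutils sha256sum or perl/BSD shasum).
eos_sbom_hash() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Build side (post-build script): generate an SPDX JSON SBOM of the rootfs with
# Syft and print the hash that should be recorded as the expected measurement.
# Syft is not run from the verification path; see eos_sbom_verify below.
eos_sbom_generate() {
    rootfs="$1"; out="$2"
    syft "dir:${rootfs}" -o "spdx-json=${out}"
    eos_sbom_hash "${out}"
}

# Build side: scan the SBOM with Grype and fail the build on High or worse,
# so a vulnerable TCB never gets an attestable measurement in the first place.
eos_sbom_scan() {
    grype "sbom:$1" --fail-on high
}

# Agent side: re-hash the SBOM that shipped in the image and compare it with
# the pre-computed value held in the attestation measurement.
# Returns 0 on match, 1 on mismatch, 2 if the SBOM is missing.
eos_sbom_verify() {
    file="$1"; expected="$2"
    [ -f "${file}" ] || return 2
    actual="$(eos_sbom_hash "${file}")"
    if [ "${actual}" = "${expected}" ]; then
        return 0
    fi
    echo "SBOM hash mismatch: expected ${expected}, got ${actual}" >&2
    return 1
}

# Minimal CLI so the script can be used from a post-build hook or the agent.
case "${1:-}" in
    build)  eos_sbom_generate "${ROOTFS_DIR:?set ROOTFS_DIR}" "${SBOM_PATH}"
            eos_sbom_scan "${SBOM_PATH}" ;;
    verify) eos_sbom_verify "${SBOM_PATH}" "${2:?expected sha256 required}" ;;
    *)      : ;;   # sourced for its functions, or no action requested
esac
```

Two caveats a practitioner would want before wiring this into remote attestation. First, the agent must hash the SBOM file that shipped in the image rather than regenerate it at boot: an SPDX document produced by Syft carries a creation timestamp and a per-run `documentNamespace`, so a fresh generation will not hash to the build-time value even for an identical rootfs. Second, the comparison is only meaningful if the expected hash is itself bound to the attestation evidence (for example as part of the measured image or the report's user data); a hash that only lives next to the SBOM can be replaced together with it.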
