Commit c95c2d47 authored by Cédric OLIVIER's avatar Cédric OLIVIER Committed by Pierre Smeyers
Browse files

fix(sbom): disable file catalogers for Syft SBOM (to minimize SBOM file)

parent ab49089c

README.md

+1 −1
Original line number Diff line number Diff line
@@ -458,7 +458,7 @@ It is bound to the `package-test` stage, and uses the following variables: 
| `sbom-disabled` / `DOCKER_SBOM_DISABLED` | Set to `true` to disable this job       | _none_                                                                                                                  |

| `TBC_SBOM_MODE` | Controls when SBOM reports are generated (`onrelease`: only on `$INTEG_REF`, `$PROD_REF` and `$RELEASE_REF` pipelines; `always`: any pipeline).<br/>:warning: `sbom-disabled` / `DOCKER_SBOM_DISABLED` takes precedence | `onrelease` |

| `sbom-image` / `DOCKER_SBOM_IMAGE`       | The docker image used to emit SBOM      | `registry.hub.docker.com/anchore/syft:debug`<br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-DOCKER_SBOM_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-DOCKER_SBOM_IMAGE)|

| `sbom-opts` / `DOCKER_SBOM_OPTS`         | Options for syft used for SBOM analysis | `--override-default-catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger` |

| `sbom-opts` / `DOCKER_SBOM_OPTS`         | Options for syft used for SBOM analysis | `--override-default-catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger --select-catalogers -file` |



### `docker-publish` job

kicker.json

+1 −1
Original line number Diff line number Diff line
@@ -212,7 +212,7 @@ 
        {

          "name": "DOCKER_SBOM_OPTS",

          "description": "Options for syft used for SBOM analysis",

          "default": "--override-default-catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger",

          "default": "--override-default-catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger --select-catalogers -file",

          "advanced": true

        }

      ]

templates/gitlab-ci-docker.yml

+1 −1
Original line number Diff line number Diff line
@@ -169,7 +169,7 @@ spec: 
      default: registry.hub.docker.com/anchore/syft:debug

    sbom-opts:

      description: Options for syft used for SBOM analysis

      default: --override-default-catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger

      default: --override-default-catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger --select-catalogers -file

---

# default workflow rules: Merge Request pipelines

workflow: