Ubuntu Image

[3.X][feature-request] SBOM/SPDX support for images

Bug #2060105 reported by Talha Can Havadar on 2024-04-03

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Ubuntu Image	Confirmed	Medium	Paul Mars

Bug Description

Hello,

SPDX is a widely accepted standard to provide SBOM for a particular image. It would be nice to have it integrated into ubuntu-image tool.

Reference: https://spdx.dev/

See original description

Talha Can Havadar (tchavadar) on 2024-04-03

description:

updated

Revision history for this message

Paul Mars (upils) wrote on 2024-04-03:

Hello Talha.

Producing a SBOM is on our radar. We need to discuss with the security team to understand what is currently the favored format and if some tools/libraries/methods are already vetted to produce SBOMs.

Revision history for this message

Talha Can Havadar (tchavadar) wrote on 2024-04-03:

Great to hear Paul, looking forward to see developments in that area

summary:

- [3.X][feature-request] SPDX support for images
+ [3.X][feature-request] SBOM/SPDX support for images

Paul Mars (upils) on 2024-04-04

Changed in ubuntu-image:
status:	New → Confirmed
importance:	Undecided → Medium
assignee:	nobody → Paul Mars (upils)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.