Update SBOM spec to indicate compat for syft #1278

Merged: 2 commits, Jan 6, 2022

sambhav (Contributor) commented Jan 6, 2022

This documents the support for syft json added in #1137

Signed-off-by: Sambhav Kothari [email protected]

Summary

cosign already supports syft as an sbom format in #1137 but the spec was not updated to capture this support. This is a simple doc/spec change to bring it in line with the CLI.

Ticket Link

Fixes

Release Note

Update SBOM spec to include support for syft json

This documents the support for syft json added in sigstore#1137 

Signed-off-by: Sambhav Kothari <[email protected]>

dlorenc (Member) commented Jan 6, 2022

Thanks!

I'd be happy to move these specifications somewhere else to make "governance" by all the implementing parties easier at some point.

sambhav (Contributor Author) commented Jan 6, 2022

@dlorenc please don't merge. I have one more minor change to make.

EDIT - should be good to go now.

As noted by @VinodAnandan - the previous message may have caused confusion about NTIA recognized formats v/s formats cosign uses. Updating the wording to explicitly call out cosign supported formats.

Signed-off-by: Sambhav Kothari <[email protected]>
@dlorenc dlorenc merged commit b6aaddc into sigstore:main Jan 6, 2022
@github-actions github-actions bot added this to the v1.5.0 milestone Jan 6, 2022
@sambhav sambhav deleted the patch-1 branch January 6, 2022 19:57
mlieberman85 pushed a commit to mlieberman85/cosign that referenced this pull request May 6, 2022
* Update SBOM spec to indicate compat for syft

This documents the support for syft json added in sigstore#1137 

Signed-off-by: Sambhav Kothari <[email protected]>

* Reword SBOM wording to indicate that the formats are cosign specific

As noted by @VinodAnandan - the previous message may have caused confusion about NTIA recognized formats v/s formats cosign uses. Updating the wording to explicitly call out cosign supported formats.

Signed-off-by: Sambhav Kothari <[email protected]>