[feature] Provide the ability to show/download SBOM/VULN attestations #300
Labels
enhancement
New feature or request
priority/review
size/L
Denotes an issue/PR requiring a relatively large amount of work
Is this RFE related to an Existing Problem? If so, please describe:
When using Hauler to pull down images from Carbide, those images provide SBOM and vulnerability reports in the form of attestations. Currently, if someone wants to view those attestations, they need to download 'cosign' and Docker, figure out if the image is single arch or multi-arch, and then use the appropriate cosign commands to show / validate those attestations. Having either a wrapper script or having this functionality built into Hauler would allow customers to not have to use any other tooling.
Describe Proposed Solution(s):
Add functionality to Hauler to download/view those attestations
Describe Possible Alternatives:
Possibly a wrapper script? But that's just another external tool that's needed.
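For reference, the manual workflow described in this issue comes down to two parsing steps, sketched here as an added example (not Hauler or Carbide code): deciding from the image manifest whether it is multi-arch, and decoding the DSSE envelopes that `cosign download attestation` prints one per line. It assumes the attestations use the standard SPDX, CycloneDX and cosign vuln predicate types, all names and sample data are constructed, and it only decodes for viewing; signature checking remains the job of `cosign verify-attestation`.

```python
import base64
import json

# in-toto predicate types cosign uses for SBOM and vulnerability attestations.
KINDS = {
    "https://spdx.dev/Document": "sbom",
    "https://cyclonedx.org/bom": "sbom",
    "https://cosign.sigstore.dev/attestation/vuln/v1": "vuln",
}

def platform_digests(manifest):
    """Map "os/arch" -> digest for a multi-arch index; {} for a single-arch image."""
    out = {}
    # Only an OCI index / Docker manifest list carries a "manifests" array.
    for m in manifest.get("manifests", []):
        p = m.get("platform", {})
        if p.get("os", "unknown") == "unknown":
            continue  # not a runnable image (e.g. BuildKit attestation manifests)
        out[f'{p["os"]}/{p.get("architecture")}'] = m["digest"]
    return out

def split_attestations(jsonl):
    """Group DSSE envelopes (one JSON object per line) by attestation kind."""
    grouped = {}
    for line in filter(None, map(str.strip, jsonl.splitlines())):
        env = json.loads(line)
        if env.get("payloadType") != "application/vnd.in-toto+json":
            continue  # not an in-toto statement
        stmt = json.loads(base64.b64decode(env["payload"]))
        kind = KINDS.get(stmt.get("predicateType"), "other")
        grouped.setdefault(kind, []).append({
            "subjects": [s["digest"].get("sha256") for s in stmt.get("subject", [])],
            "predicate": stmt.get("predicate"),
        })
    return grouped

def _envelope(predicate_type, predicate, sha256):
    # Hypothetical helper: builds a constructed, unsigned DSSE envelope.
    stmt = {"_type": "https://in-toto.io/Statement/v0.1", "predicateType": predicate_type,
            "subject": [{"name": "registry.example/app", "digest": {"sha256": sha256}}],
            "predicate": predicate}
    payload = base64.b64encode(json.dumps(stmt).encode()).decode()
    return json.dumps({"payloadType": "application/vnd.in-toto+json", "payload": payload, "signatures": []})

# Constructed sample input, not real Carbide data.
SAMPLE = "\n".join([
    _envelope("https://spdx.dev/Document", {"spdxVersion": "SPDX-2.3"}, "aa" * 32),
    _envelope("https://cosign.sigstore.dev/attestation/vuln/v1", {"scanner": {"uri": "scanner.example"}}, "aa" * 32),
])
```

For a multi-arch image, each per-platform digest returned by `platform_digests` is a separate subject to look up attestations for.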