Skip to content

Commit 07548bc

Browse files
jedevcjedevc
committed
build: add docs for boolean attestation flags
Signed-off-by: Justin Chadwell <[email protected]>
1 parent d2fa4a5 commit 07548bc

1 file changed

Lines changed: 27 additions & 4 deletions

File tree

docs/reference/buildx_build.md

Lines changed: 27 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -91,6 +91,9 @@ BuildKit currently supports:
9191
Use `--attest=type=provenance` to generate provenance for an image at
9292
build-time. Alternatively, you can use the [`--provenance` shorthand](#provenance).
9393

94+
By default, a minimal provenance attestation will be created for the build
95+
result, which will only be attached for images pushed to registries.
96+
9497
For more information, see [here](https://docs.docker.com/build/attestations/slsa-provenance/).
9598

9699
### <a name="allow"></a> Allow extra privileged entitlement (--allow)
@@ -480,8 +483,20 @@ $ docker buildx build --load --progress=plain .
480483
481484
### <a name="provenance"></a> Create provenance attestations (--provenance)
482485

483-
Shorthand for [`--attest=type=provenance`](#attest). Enables provenance
484-
attestations for the build result.
486+
Shorthand for [`--attest=type=provenance`](#attest), used to configure
487+
provenance attestations for the build result. For example,
488+
`--provenance=mode=max` can be used as an abbreviation for
489+
`--attest=type=provenance,mode=max`.
490+
491+
Additionally, `--provenance` can be used with boolean values to broadly enable
492+
or disable provenance attestations. For example, `--provenance=false` can be
493+
used to disable all provenance attestations, while `--provenance=true` can be
494+
used to enable all provenance attestations.
495+
496+
By default, a minimal provenance attestation will be created for the build
497+
result, which will only be attached for images pushed to registries.
498+
499+
For more information, see [here](https://docs.docker.com/build/attestations/slsa-provenance/).
485500

486501
### <a name="push"></a> Push the build result to a registry (--push)
487502

@@ -490,8 +505,16 @@ build result to registry.
490505

491506
### <a name="sbom"></a> Create SBOM attestations (--sbom)
492507

493-
Shorthand for [`--attest=type=sbom`](#attest). Enables SBOM attestations for
494-
the build result.
508+
Shorthand for [`--attest=type=sbom`](#attest), used to configure SBOM
509+
attestations for the build result. For example,
510+
`--sbom=generator=<user>/<generator-image>` can be used as an abbreviation for
511+
`--attest=type=sbom,generator=<user>/<generator-image>`.
512+
513+
Additionally, `--sbom` can be used with boolean values to broadly enable or
514+
disable SBOM attestations. For example, `--sbom=false` can be used to disable
515+
all SBOM attestations.
516+
517+
For more information, see [here](https://docs.docker.com/build/attestations/sbom/).
495518

496519
### <a name="secret"></a> Secret to expose to the build (--secret)
497520

0 commit comments

Comments
 (0)