Skip to content

exporter: ensure spdx order prioritizes primary sbom#3479

Merged
tonistiigi merged 1 commit intomoby:masterfrom
jedevc:ensure-spdx-order
Jan 9, 2023
Merged

exporter: ensure spdx order prioritizes primary sbom#3479
tonistiigi merged 1 commit intomoby:masterfrom
jedevc:ensure-spdx-order

Conversation

@jedevc
Copy link
Copy Markdown
Member

@jedevc jedevc commented Jan 9, 2023

If we have any SBOMs that are notated as primary, then we should ensure that they appear before the others in the list of attestations.

This ensures that clients should be able to naively take the "first" SBOM, to get the most relevant one that applies to the main rootfs.

@jedevc
exporter: ensure spdx order prioritizes primary sbom
eabeb4f 
If we have any SBOMs that are notated as primary, then we should ensure
that they appear before the others in the list of attestations.

This ensures that clients should be able to naively take the "first"
SBOM, to get the most relevant one that applies to the main
rootfs.

Signed-off-by: Justin Chadwell <[email protected]>
@jedevc jedevc added this to the v0.11.0 milestone Jan 9, 2023
@jedevc jedevc requested a review from tonistiigi January 9, 2023 18:38
@jedevc jedevc mentioned this pull request Jan 9, 2023
Merged
@tonistiigi tonistiigi merged commit eb31c0c into moby:master Jan 9, 2023
@tonistiigi tonistiigi mentioned this pull request Jan 9, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tonistiigi tonistiigi tonistiigi approved these changes

Assignees

No one assigned

Labels

area/attestations

Projects

None yet

Milestone

v0.11.0

Development

Successfully merging this pull request may close these issues.

2 participants

@jedevc @tonistiigi