mirror of
https://github.com/ko-build/ko.git
synced 2025-11-23 22:35:11 +02:00
remove support for CycloneDX SBOMs
Signed-off-by: Jason Hall <jason@chainguard.dev>
@@ -5,7 +5,7 @@ Having a list of dependencies can be helpful in determining whether any vulnerab
|
||||
|
||||
**From v0.9+, `ko` generates and uploads an SBOM for every image it produces by default.**
|
||||
|
||||
ko will generate an SBOM in the [SPDX](https://spdx.dev/) format by default, but you can select the [CycloneDX](https://cyclonedx.org/) format instead with the `--sbom=cyclonedx` flag. To disable SBOM generation, pass `--sbom=none`.
|
||||
ko will generate an SBOM in the [SPDX](https://spdx.dev/) format by default. To disable SBOM generation, pass `--sbom=none`.
|
||||
|
||||
These SBOMs can be downloaded using the [`cosign download sbom`](https://github.com/sigstore/cosign/blob/main/doc/cosign_download_sbom.md) command.
|
||||
|
||||
|
||||
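Review bot: the rewritten sentence in this hunk still says SPDX is generated "by default", which reads as though another format can be selected, yet the only other value it documents is `--sbom=none`. Suggest stating SPDX as the supported format, for example "ko generates an SBOM in the SPDX format. To disable SBOM generation, pass `--sbom=none`.", and adding a sentence that `--sbom=cyclonedx`, which the previous text advertised, is no longer accepted, so users who have that flag in CI know why their build behaviour changed.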
@@ -60,7 +60,7 @@ ko apply -f FILENAME [flags]
|
||||
-P, --preserve-import-paths Whether to preserve the full import path after KO_DOCKER_REPO.
|
||||
--push Push images to KO_DOCKER_REPO (default true)
|
||||
-R, --recursive Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
|
||||
--sbom string The SBOM media type to use (none will disable SBOM synthesis and upload, also supports: spdx, cyclonedx, go.version-m). (default "spdx")
|
||||
--sbom string The SBOM media type to use (none will disable SBOM synthesis and upload). (default "spdx")
|
||||
--sbom-dir string Path to file where the SBOM will be written.
|
||||
-l, --selector string Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
|
||||
--tag-only Include tags but not digests in resolved image references. Useful when digests are not preserved when images are repopulated.
|
||||
|
||||
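Review bot: the new `--sbom` help line in this hunk drops `go.version-m` from the list of values as well as `cyclonedx`, while the commit subject only mentions CycloneDX. If `go.version-m` is still accepted, keep it in the help text; if it is being removed too, say so in the commit message. The new text also no longer names any accepted value other than `none`, so `spdx` is only discoverable from the default; something like "(none will disable SBOM synthesis and upload, also supports: spdx)" keeps it explicit.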
@@ -55,7 +55,7 @@ ko build IMPORTPATH... [flags]
|
||||
--platform strings Which platform to use when pulling a multi-platform base. Format: all | <os>[/<arch>[/<variant>]][,platform]*
|
||||
-P, --preserve-import-paths Whether to preserve the full import path after KO_DOCKER_REPO.
|
||||
--push Push images to KO_DOCKER_REPO (default true)
|
||||
--sbom string The SBOM media type to use (none will disable SBOM synthesis and upload, also supports: spdx, cyclonedx, go.version-m). (default "spdx")
|
||||
--sbom string The SBOM media type to use (none will disable SBOM synthesis and upload). (default "spdx")
|
||||
--sbom-dir string Path to file where the SBOM will be written.
|
||||
--tag-only Include tags but not digests in resolved image references. Useful when digests are not preserved when images are repopulated.
|
||||
-t, --tags strings Which tags to use for the produced image instead of the default 'latest' tag (may not work properly with --base-import-paths or --bare). (default [latest])
|
||||
|
||||
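Review bot: the `--sbom-dir` context line directly under the changed `--sbom` line describes a flag named as a directory with "Path to file where the SBOM will be written." Since this help block is being edited anyway, it is worth correcting that description to match whichever the flag actually takes, so that anyone collecting the generated SPDX document for scanning or archiving knows what to pass.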
@@ -60,7 +60,7 @@ ko create -f FILENAME [flags]
|
||||
-P, --preserve-import-paths Whether to preserve the full import path after KO_DOCKER_REPO.
|
||||
--push Push images to KO_DOCKER_REPO (default true)
|
||||
-R, --recursive Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
|
||||
--sbom string The SBOM media type to use (none will disable SBOM synthesis and upload, also supports: spdx, cyclonedx, go.version-m). (default "spdx")
|
||||
--sbom string The SBOM media type to use (none will disable SBOM synthesis and upload). (default "spdx")
|
||||
--sbom-dir string Path to file where the SBOM will be written.
|
||||
-l, --selector string Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
|
||||
--tag-only Include tags but not digests in resolved image references. Useful when digests are not preserved when images are repopulated.
|
||||
|
||||
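Review bot: style nit on the `--selector` context line in this hunk: "'!='.(e.g. -l key1=value1,key2=value2)" is missing a space after the period. The same string appears in the `ko apply` and `ko resolve` hunks, so it can be fixed in all three while these help pages are being updated.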
@@ -53,7 +53,7 @@ ko resolve -f FILENAME [flags]
|
||||
-P, --preserve-import-paths Whether to preserve the full import path after KO_DOCKER_REPO.
|
||||
--push Push images to KO_DOCKER_REPO (default true)
|
||||
-R, --recursive Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
|
||||
--sbom string The SBOM media type to use (none will disable SBOM synthesis and upload, also supports: spdx, cyclonedx, go.version-m). (default "spdx")
|
||||
--sbom string The SBOM media type to use (none will disable SBOM synthesis and upload). (default "spdx")
|
||||
--sbom-dir string Path to file where the SBOM will be written.
|
||||
-l, --selector string Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
|
||||
--tag-only Include tags but not digests in resolved image references. Useful when digests are not preserved when images are repopulated.
|
||||
|
||||
@@ -43,7 +43,7 @@ ko run IMPORTPATH [flags]
|
||||
--platform strings Which platform to use when pulling a multi-platform base. Format: all | <os>[/<arch>[/<variant>]][,platform]*
|
||||
-P, --preserve-import-paths Whether to preserve the full import path after KO_DOCKER_REPO.
|
||||
--push Push images to KO_DOCKER_REPO (default true)
|
||||
--sbom string The SBOM media type to use (none will disable SBOM synthesis and upload, also supports: spdx, cyclonedx, go.version-m). (default "spdx")
|
||||
--sbom string The SBOM media type to use (none will disable SBOM synthesis and upload). (default "spdx")
|
||||
--sbom-dir string Path to file where the SBOM will be written.
|
||||
--tag-only Include tags but not digests in resolved image references. Useful when digests are not preserved when images are repopulated.
|
||||
-t, --tags strings Which tags to use for the produced image instead of the default 'latest' tag (may not work properly with --base-import-paths or --bare). (default [latest])
|
||||
|
||||