From cf1e48b34282fe55630a8764760237b24b745f56 Mon Sep 17 00:00:00 2001
From: Paulo Gomes
Date: Wed, 8 Mar 2023 14:51:24 +0000
Subject: [PATCH] feat: add support for SBOM attestation (#217)

Signed-off-by: Paulo Gomes
---
 _docs/data/data.yaml | 5 +++++
 cmd/drone-docker-buildx/config.go | 7 +++++++
 plugin/docker.go | 4 ++++
 plugin/impl.go | 1 +
 4 files changed, 17 insertions(+)

diff --git a/_docs/data/data.yaml b/_docs/data/data.yaml
index 6e8b85d..0383719 100644
--- a/_docs/data/data.yaml
+++ b/_docs/data/data.yaml
@@ -260,3 +260,8 @@ properties:
 description: Generate [provenance](https://docs.docker.com/build/attestations/slsa-provenance/) attestation for the build (shorthand for `--attest=type=provenance`).
 type: string
 required: false
+
+ - name: sbom
+ description: Generate [sbom](https://docs.docker.com/build/attestations/sbom/) attestation for the build (shorthand for `--attest type=sbom`).
+ type: string
+ required: false
diff --git a/cmd/drone-docker-buildx/config.go b/cmd/drone-docker-buildx/config.go
index ffa0b4a..ac41ddb 100644
--- a/cmd/drone-docker-buildx/config.go
+++ b/cmd/drone-docker-buildx/config.go
@@ -314,5 +314,12 @@ func settingsFlags(settings *plugin.Settings, category string) []cli.Flag {
 Destination: &settings.Build.Provenance,
 Category: category,
 },
+ &cli.StringFlag{
+ Name: "sbom",
+ EnvVars: []string{"PLUGIN_SBOM"},
+ Usage: "generates sbom attestation for the build",
+ Destination: &settings.Build.SBOM,
+ Category: category,
+ },
 }
 }
diff --git a/plugin/docker.go b/plugin/docker.go
index 41deb46..7ad7499 100644
--- a/plugin/docker.go
+++ b/plugin/docker.go
@@ -156,6 +156,10 @@ func commandBuild(build Build, dryrun bool) *execabs.Cmd {
 args = append(args, "--provenance", build.Provenance)
 }

+ if build.SBOM != "" {
+ args = append(args, "--sbom", build.SBOM)
+ }
+
 return execabs.Command(dockerBin, args...)
 }

diff --git a/plugin/impl.go b/plugin/impl.go
index 4340588..f4ab22c 100644
--- a/plugin/impl.go
+++ b/plugin/impl.go
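Review bot: The `Usage` text on the new `sbom` flag in settingsFlags does not say what the string may contain, and as a plain `StringFlag` it accepts whatever `PLUGIN_SBOM` holds without any check. Spelling out the accepted forms would help pipeline authors and reviewers, for example `Usage: "generates sbom attestation for the build (true, false, or sbom options such as generator=<image>)",`. settingsFlags begins outside this hunk, so whether sibling flags validate their values is not visible here.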
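Review bot: `build.SBOM` is forwarded to buildx verbatim in commandBuild, so a pipeline value of the form `generator=<image>` selects which generator image runs against the build, and nothing here or in the docs entry steers users toward a pinned reference. Passing it as its own argv element through `execabs.Command` keeps it away from a shell, which is good; a comment such as `// forwarded unmodified to buildx; pin custom generator images by digest` would record the remaining trust decision. The diffstat lists no test file, so a case asserting that `--sbom` appears in the arguments only when the setting is non-empty would be worth adding. commandBuild starts outside the hunk, so how the attestation interacts with `dryrun` and the export/push flags should be checked against the rest of the function.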
@@ -64,6 +64,7 @@ type Build struct {
 NamedContext cli.StringSlice // Docker build named context
 Labels cli.StringSlice // Docker build labels
 Provenance string // Docker build provenance attestation
+ SBOM string // Docker build sbom attestation
 }

 // Settings for the Plugin.