content/guides/cpp/security.md
Lines changed: 7 additions & 19 deletions
@@ -13,41 +13,28 @@ aliases:
13
13
14
14
- You have a [Git client](https://git-scm.com/downloads). The examples in this section use a command-line based Git client, but you can use any client.
15
15
- You have a Docker Desktop installed, with containerd enabled for pulling and storing images (it's a checkbox in **Settings** > **General**). Otherwise, if you use Docker Engine:
16
-
- You have the [Docker SBOM CLI plugin](https://github.com/docker/sbom-cli-plugin) installed. To install it on Docker Engine, use the following command:
17
-
18
-
```bash
19
-
$ curl -sSfL https://raw.githubusercontent.com/docker/sbom-cli-plugin/main/install.sh | sh -s --
20
-
```
21
-
22
16
- You have the [Docker Scout CLI plugin](https://docs.docker.com/scout/install/) installed. To install it on Docker Engine, use the following command:
23
17
24
18
```bash
25
19
$ curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
26
20
```
27
-
21
+
28
22
- You have [containerd enabled](https://docs.docker.com/engine/storage/containerd/) for Docker Engine.
29
23
30
24
## Overview
31
25
32
-
This section walks you through extracting Software Bill of Materials (SBOMs) from a C++ Docker image using the Docker SBOM CLI plugin. SBOMs provide a detailed list of all the components in a software package, including their versions and licenses. You can use SBOMs to track the provenance of your software and ensure that it complies with your organization's security and licensing policies.
26
+
This section walks you through extracting Software Bill of Materials (SBOMs) from a C++ Docker image using Docker Scout. SBOMs provide a detailed list of all the components in a software package, including their versions and licenses. You can use SBOMs to track the provenance of your software and ensure that it complies with your organization's security and licensing policies.
33
27
34
28
## Generate an SBOM
35
29
36
30
Here we will use the Docker image that we built in the [Create a multi-stage build for your C++ application](/guides/language/cpp/multistage/) guide. If you haven't already built the image, follow the steps in that guide to build the image.
37
31
The image is named `hello`. To generate an SBOM for the `hello` image, run the following command:
38
32
39
33
```bash
40
-
$ docker sbom hello
34
+
$ docker scout sbom --format list hello
41
35
```
42
36
43
37
The command will say "No packages discovered". This is because the final image is a scratch image and doesn't have any packages.
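Review bot: the added command `$ docker scout sbom --format list hello` is still followed by the unchanged context line "The command will say "No packages discovered"", which documents the output of the removed `docker sbom` plugin command; confirm that Docker Scout prints that exact text for the scratch `hello` image, or reword the sentence to describe Scout's actual output so the command and its explanation stay in step. Minor: the Docker Desktop prerequisite bullet was dropped, leaving only the Docker Engine install path for the Scout CLI; if Docker Desktop users are still expected to follow this guide, a short note that Scout ships with Docker Desktop would keep the prerequisites complete for both setups.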
This command will build the image and generate an SBOM attestation. You can verify that the SBOM is attached to the image by running the following command:
86
73
87
74
```bash
88
-
$ docker scout sbom --format=list hello:sbom
75
+
$ docker scout sbom --formatlist hello:sbom
89
76
```
90
77
91
-
Note that the normal `docker sbom` command will not load the SBOM attestation.
78
+
Docker Scout reads the SBOM attestation when one is available, so this commandreports packages from the build-stage metadata instead of indexing only the final scratch image filesystem.
92
79
93
80
## Summary
94
81
95
82
In this section, you learned how to generate SBOM attestation for a C++ Docker image during the build process.
96
-
The normal image scanners will not be able to generate SBOMs from scratch images.
83
+
Image scanners that inspect only the final filesystem may not identify packages in scratch images.
84
+
Use SBOM attestations to preserve package metadata from the build.
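Review bot: the added command line `$ docker scout sbom --formatlist hello:sbom` drops the `=` from the removed line's `--format=list`, producing a flag that does not exist; restore `--format=list` (or use `--format list`, the form used earlier in this diff for the `hello` image) so readers can copy the command as written. In the same hunk, the added explanation is missing a space in "commandreports" ("this command reports"), and the new Summary lines would read better with the existing context line changed to "generate an SBOM attestation" if that line is touched in a follow-up.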