OCI and ORAS have added support for attaching SBOMs (or other related artifacts) to container images in a registry: https://oras.land/blog/oras-0.14-and-future/
Their example <https://oras.land/blog/oras-0.14-and-future/#using-sbom-tool-to-generate-a-sbom> uses Microsoft's SBOM Tool to generate an SPDX SBOM and then the ORAS client to attach it to a container image in the registry.

William
