What would you like to be added:
I would like to be able to store a container's labels/annotations inside a syft generated SBOM.
For example, the image mongo:4.4 contains these labels/annotations, which are set by its base image ubuntu:focal:

    $ docker inspect mongo:4.4 | jq ".[0].Config.Labels"
    {
      "org.opencontainers.image.ref.name": "ubuntu",
      "org.opencontainers.image.version": "20.04"
    }

which could be stored inside a CycloneDX SBOM in the properties field like:

    "properties": [
      {
        "name": "syft:image:annotation:org.opencontainers.image.ref.name",
        "value": "ubuntu"
      },
      {
        "name": "syft:image:annotation:org.opencontainers.image.version",
        "value": "20.04"
      }
      ...
    ]

Why is this needed:
It would be nice to see what base image a container is using, as well as other metadata. This solves #1199.
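
The mapping requested above can be done as a post-processing step on an existing SBOM. The following is an added example, not part of the original issue and not syft's code; the function names, the sample BOM skeleton, and the choice to attach the properties to `metadata.component` are assumptions.

```python
import json

# Property-name prefix taken from the naming proposed in the issue above.
PREFIX = "syft:image:annotation:"


def labels_from_inspect(inspect_json: str) -> dict:
    """Return Config.Labels of the first image in `docker inspect` output."""
    images = json.loads(inspect_json)
    if not images:
        return {}
    # Docker emits "Labels": null for images that carry no labels.
    return (images[0].get("Config") or {}).get("Labels") or {}


def add_label_properties(bom: dict, labels: dict) -> dict:
    """Merge labels into metadata.component.properties (placement is an assumption)."""
    component = bom.setdefault("metadata", {}).setdefault("component", {})
    props = component.setdefault("properties", [])
    # Drop earlier annotation properties so a re-run replaces instead of duplicating.
    props[:] = [p for p in props if not p.get("name", "").startswith(PREFIX)]
    for key in sorted(labels):  # sorted for reproducible SBOM output
        props.append({"name": PREFIX + key, "value": str(labels[key])})
    return bom


# Constructed sample input: the labels shown in the issue and a minimal BOM skeleton.
SAMPLE_INSPECT = json.dumps([{"Config": {"Labels": {
    "org.opencontainers.image.ref.name": "ubuntu",
    "org.opencontainers.image.version": "20.04",
}}}])
SAMPLE_BOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"component": {
        "type": "container", "name": "mongo", "version": "4.4",
        "properties": [{"name": "other:key", "value": "kept"}],
    }},
}

if __name__ == "__main__":
    bom = add_label_properties(SAMPLE_BOM, labels_from_inspect(SAMPLE_INSPECT))
    print(json.dumps(bom["metadata"]["component"]["properties"], indent=2))
```

Labels are free-form strings written by whoever built the image or its base, so a consumer of the SBOM should treat these properties as a hint about the base image rather than a verified fact.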