Validate Backend.AI image labels using SBOM #3141

Open
jopemachine opened this issue Nov 26, 2024 · 1 comment
Assignees
Labels
type:feature Add new features

Comments

@jopemachine
Member

jopemachine commented Nov 26, 2024

Main idea

When building and pushing a new image by adding label information and additional installation commands to an existing image through the Forklift (or Control panel), let's verify the image labels by comparing them with the SBOM before pushing the image.

To achieve this, we need to implement APIs for image validation.

@jopemachine jopemachine self-assigned this Nov 26, 2024
@jopemachine jopemachine added the type:feature Add new features label Nov 26, 2024
@jopemachine
Member Author

jopemachine commented Nov 26, 2024

The validation check during the image build stage cannot rely on the SBOM generated by the registry, as the image has not yet been pushed to the registry.

IMHO, one alternative could be to create separate APIs to generate the SBOM directly using syft.
While generating an SBOM itself may take a relatively long time, since the API caller who is attempting to push a local image already has the image on the host, we won't need to consider image pulling time.
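As an added example (not code from this issue or from Backend.AI), the following sketches the check the comment describes: generate an SBOM for the locally present image with syft, then cross-check the image's declared labels against what the SBOM actually contains. The `example.*` label keys are a hypothetical schema chosen for illustration, the SBOM is a constructed subset of syft's `-o json` output (top-level `distro` and `artifacts` entries), and the sample labels are constructed as `docker inspect` would report them under `Config.Labels`.

```python
"""Cross-check container image labels against a syft-generated SBOM.

Added example, not Backend.AI code. Label keys under `example.` are a
hypothetical schema; the SBOM below is a constructed subset of syft's
`-o json` document (only "distro" and "artifacts" are used).
"""
import json
import subprocess
from typing import Dict, List

# Constructed sample: the shape `syft <image> -o json` produces, trimmed to the fields used here.
SAMPLE_SBOM_JSON = """
{
  "artifacts": [
    {"name": "python", "version": "3.11.4", "type": "binary"},
    {"name": "numpy", "version": "1.26.4", "type": "python"},
    {"name": "torch", "version": "2.2.1", "type": "python"},
    {"name": "libssl3", "version": "3.0.2-0ubuntu1.15", "type": "deb"}
  ],
  "distro": {"name": "ubuntu", "version": "22.04"}
}
"""

# Constructed labels (hypothetical `example.*` schema) as docker inspect reports them under Config.Labels.
SAMPLE_LABELS_OK = {
    "example.base-distro": "ubuntu:22.04",
    "example.runtime-type": "python",
    "example.runtime-version": "3.11.4",
    "example.required-packages": "numpy==1.26.4,torch",
}
SAMPLE_LABELS_BAD = {
    "example.base-distro": "ubuntu:20.04",
    "example.runtime-type": "python",
    "example.runtime-version": "3.10.12",
    "example.required-packages": "numpy==1.26.4,scipy",
}


def load_sample_sbom() -> dict:
    """Parse the constructed SBOM document (stands in for a real syft run)."""
    return json.loads(SAMPLE_SBOM_JSON)


def generate_sbom(image_ref: str) -> dict:
    """Run syft against an image already present on the host and parse its JSON output.
    Requires the syft binary; not exercised by the offline sample below."""
    proc = subprocess.run(["syft", image_ref, "-o", "json"],
                          check=True, capture_output=True, text=True)
    return json.loads(proc.stdout)


def index_artifacts(sbom: dict) -> Dict[str, set]:
    """Map each package name (lower-cased) to the set of versions the SBOM lists for it."""
    index: Dict[str, set] = {}
    for art in sbom.get("artifacts", []):
        index.setdefault(art["name"].lower(), set()).add(art["version"])
    return index


def validate_labels(labels: Dict[str, str], sbom: dict) -> List[str]:
    """Return a list of mismatches between declared labels and SBOM evidence.
    An empty list means every checked label is backed by the SBOM."""
    findings: List[str] = []
    pkgs = index_artifacts(sbom)

    # 1. Base distro: the label's "name:version" must equal syft's distro block.
    if "example.base-distro" in labels:
        distro = sbom.get("distro", {})
        actual = f"{distro.get('name', '?')}:{distro.get('version', '?')}"
        if labels["example.base-distro"] != actual:
            findings.append(f"base-distro label {labels['example.base-distro']!r} != SBOM {actual!r}")

    # 2. Runtime: the interpreter named by runtime-type must be present with the declared version.
    runtime = labels.get("example.runtime-type")
    if runtime:
        versions = pkgs.get(runtime.lower(), set())
        wanted = labels.get("example.runtime-version")
        if not versions:
            findings.append(f"runtime {runtime!r} not found in SBOM")
        elif wanted and wanted not in versions:
            findings.append(f"runtime {runtime!r} version {wanted!r} not in SBOM {sorted(versions)}")

    # 3. Required packages: comma-separated "name" or "name==version" entries.
    specs = (s.strip() for s in labels.get("example.required-packages", "").split(","))
    for spec in filter(None, specs):
        name, _, version = spec.partition("==")
        versions = pkgs.get(name.lower(), set())
        if not versions:
            findings.append(f"required package {name!r} missing from SBOM")
        elif version and version not in versions:
            findings.append(f"required package {name!r}=={version} not in SBOM {sorted(versions)}")
    return findings


if __name__ == "__main__":
    sbom = load_sample_sbom()
    for tag, labels in (("ok", SAMPLE_LABELS_OK), ("bad", SAMPLE_LABELS_BAD)):
        result = validate_labels(labels, sbom)
        print(tag, "->", "valid" if not result else result)
```

In a push pipeline the result would gate the push: an empty findings list lets the image through, anything else is returned to the caller as a validation error. Because syft reads the local image, the check costs only the SBOM generation time, as the comment notes.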
