From c66e678b2b0868350b53d910cd0d9a9a3458b42c Mon Sep 17 00:00:00 2001
From: Mateusz Urbanek
Date: Wed, 23 Jul 2025 13:10:58 +0200
Subject: [PATCH] docs: add SBOM for container-runtimes
Partial for #10940
Signed-off-by: Mateusz Urbanek
---
 container-runtime/crun/pkg.yaml | 9 ++++++++-
 container-runtime/ecr-credential-provider/pkg.yaml | 5 +++++
 container-runtime/gvisor/pkg.yaml | 7 +++++++
 container-runtime/kata-containers/pkg.yaml | 7 +++++++
 container-runtime/spin/pkg.yaml | 5 +++++
 container-runtime/stargz-snapshotter/pkg.yaml | 5 +++++
 container-runtime/wasmedge/pkg.yaml | 5 +++++
 container-runtime/youki/pkg.yaml | 5 +++++
 8 files changed, 47 insertions(+), 1 deletion(-)
diff --git a/container-runtime/crun/pkg.yaml b/container-runtime/crun/pkg.yaml
index 63818b6..d737903 100644
--- a/container-runtime/crun/pkg.yaml
+++ b/container-runtime/crun/pkg.yaml
@@ -34,7 +34,14 @@ steps:
 cp -r /rootfs/ /extensions-validator-rootfs/rootfs
 cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
 /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
-
+ sbom:
+ outputPath: /rootfs/usr/local/share/spdx/crun.spdx.json
+ version: {{ .CRUN_VERSION }}
+ cpes:
+ - cpe:2.3:a:crun_project:crun:{{ .CRUN_VERSION }}:*:*:*:*:*:*:*
+ licenses:
+ - GPL-2.0
+ - LGPL-2.1
 finalize:
 - from: /rootfs
 to: /rootfs
diff --git a/container-runtime/ecr-credential-provider/pkg.yaml b/container-runtime/ecr-credential-provider/pkg.yaml
index 10dbb59..a3ac0e1 100644
--- a/container-runtime/ecr-credential-provider/pkg.yaml
+++ b/container-runtime/ecr-credential-provider/pkg.yaml
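Review bot: The `licenses` entries in the crun `sbom` block use `GPL-2.0` and `LGPL-2.1`, which are deprecated SPDX identifiers that do not say whether the "or later" grant applies. SPDX replaced them with `GPL-2.0-only` / `GPL-2.0-or-later` and `LGPL-2.1-only` / `LGPL-2.1-or-later`, and license-policy tooling that validates against the current list may reject or misclassify the bare forms. I would write `- GPL-2.0-or-later` and `- LGPL-2.1-or-later` if crun's source headers confirm the "or later" wording, and the `-only` forms otherwise. The `steps` entry this block belongs to starts outside the hunk.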
@@ -45,6 +45,11 @@ steps:
 cp -r /rootfs/ /extensions-validator-rootfs/rootfs
 cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
 /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
+ sbom:
+ outputPath: /rootfs/usr/local/share/spdx/ecr-credential-provider.spdx.json
+ version: {{ .CLOUD_PROVIDER_AWS_VERSION }}
+ licenses:
+ - Apache-2.0
 finalize:
 - from: /rootfs
 to: /rootfs
diff --git a/container-runtime/gvisor/pkg.yaml b/container-runtime/gvisor/pkg.yaml
index 13ce5ff..1eb9a29 100644
--- a/container-runtime/gvisor/pkg.yaml
+++ b/container-runtime/gvisor/pkg.yaml
@@ -57,6 +57,13 @@ steps:
 cp -r /rootfs/ /extensions-validator-rootfs/rootfs
 cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
 /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
+ sbom:
+ outputPath: /rootfs/usr/local/share/spdx/gvisor.spdx.json
+ version: {{ .GVISOR_VERSION }}
+ cpes:
+ - cpe:2.3:a:google:gvisor:{{ .GVISOR_VERSION }}:*:*:*:*:*:*:*
+ licenses:
+ - Apache-2.0
 finalize:
 - from: /rootfs
 to: /rootfs
diff --git a/container-runtime/kata-containers/pkg.yaml b/container-runtime/kata-containers/pkg.yaml
index 275d046..0bfbfc1 100644
--- a/container-runtime/kata-containers/pkg.yaml
+++ b/container-runtime/kata-containers/pkg.yaml
@@ -69,6 +69,13 @@ steps:
 cp -r /rootfs/ /extensions-validator-rootfs/rootfs
 cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
 /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
+ sbom:
+ outputPath: /rootfs/usr/local/share/spdx/kata-containers.spdx.json
+ version: {{ .KATA_CONTAINERS_VERSION }}
+ cpes:
+ - cpe:2.3:a:katacontainers:kata_containers:{{ .KATA_CONTAINERS_VERSION }}:*:*:*:*:*:*:*
+ licenses:
+ - Apache-2.0
 finalize:
 - from: /rootfs
 to: /rootfs
diff --git a/container-runtime/spin/pkg.yaml b/container-runtime/spin/pkg.yaml
index 427ac30..1e2d49c 100644
--- a/container-runtime/spin/pkg.yaml
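Review bot: The `sbom` block added for ecr-credential-provider has no `cpes` list, and the same is true of the spin, stargz-snapshotter, wasmedge and youki hunks, so scanners that correlate by CPE have nothing to match for five of the eight runtimes. If that is deliberate because no NVD product entry exists, say so next to the block, e.g. `# no CPE registered for this component; matched by name/version only`, so the gap is not read as coverage. This block also pairs the name ecr-credential-provider with `{{ .CLOUD_PROVIDER_AWS_VERSION }}`; advisories are presumably filed against the upstream cloud-provider-aws project, so name-based matching may miss them as well.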
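Review bot: The CPE in the gvisor block interpolates `{{ .GVISOR_VERSION }}` straight into the version field, and the crun and kata-containers hunks do the same with their own variables. Those values are defined outside this diff; if any of them carries a leading `v`, a release-tag prefix, or characters that CPE 2.3 requires to be escaped, the rendered string will not match NVD entries and a scanner will report nothing rather than fail. A comment beside each `cpes:` list such as `# version must be in the form NVD uses (no "v" or tag prefix)` would document the constraint. A build-time check of the rendered CPE would also catch a later version bump that breaks it.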
+++ b/container-runtime/spin/pkg.yaml
@@ -33,6 +33,11 @@ steps:
 cp -r /rootfs/ /extensions-validator-rootfs/rootfs
 cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
 /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
+ sbom:
+ outputPath: /rootfs/usr/local/share/spdx/spin.spdx.json
+ version: {{ .SPIN_VERSION }}
+ licenses:
+ - Apache-2.0
 finalize:
 - from: /rootfs
 to: /rootfs
diff --git a/container-runtime/stargz-snapshotter/pkg.yaml b/container-runtime/stargz-snapshotter/pkg.yaml
index e72c8ea..2a3376f 100644
--- a/container-runtime/stargz-snapshotter/pkg.yaml
+++ b/container-runtime/stargz-snapshotter/pkg.yaml
@@ -60,6 +60,11 @@ steps:
 cp -r /rootfs/ /extensions-validator-rootfs/rootfs
 cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
 /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
+ sbom:
+ outputPath: /rootfs/usr/local/share/spdx/stargz-snapshotter.spdx.json
+ version: {{ .STARGZ_SNAPSHOTTER_VERSION }}
+ licenses:
+ - Apache-2.0
 finalize:
 - from: /rootfs
 to: /rootfs
diff --git a/container-runtime/wasmedge/pkg.yaml b/container-runtime/wasmedge/pkg.yaml
index ce389cd..54a91ca 100644
--- a/container-runtime/wasmedge/pkg.yaml
+++ b/container-runtime/wasmedge/pkg.yaml
@@ -33,6 +33,11 @@ steps:
 cp -r /rootfs/ /extensions-validator-rootfs/rootfs
 cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
 /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
+ sbom:
+ outputPath: /rootfs/usr/local/share/spdx/wasmedge.spdx.json
+ version: {{ .WASMEDGE_VERSION }}
+ licenses:
+ - Apache-2.0
 finalize:
 - from: /rootfs
 to: /rootfs
diff --git a/container-runtime/youki/pkg.yaml b/container-runtime/youki/pkg.yaml
index a7b142f..01c6e6a 100644
--- a/container-runtime/youki/pkg.yaml
+++ b/container-runtime/youki/pkg.yaml
@@ -34,6 +34,11 @@ steps:
 cp -r /rootfs/ /extensions-validator-rootfs/rootfs
 cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
 /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
+ sbom:
+ outputPath: /rootfs/usr/local/share/spdx/youki.spdx.json
+ version: {{ .YOUKI_VERSION }}
+ licenses:
+ - Apache-2.0
 finalize:
 - from: /rootfs