SBOM provider and settings.
References:
IGconf_artefact_target_name,
IGconf_artefact_version
Declares (prefix: sbom):
| Variable | Description | Default | Validation | Policy |
|---|---|---|---|---|
IGconf_sbom_enable |
Enable SBOM generation |
y
|
Boolean value - accepts: true/false, 1/0, yes/no, y/n (case insensitive) | immediate |
IGconf_sbom_version |
Version string of the SBOM |
${IGconf_artefact_version}
|
Non-empty string value | immediate |
IGconf_sbom_name |
Identifier name of the SBOM |
${IGconf_artefact_target_name}-${IGconf_sbom_version}
|
Non-empty string value | immediate |
IGconf_sbom_filename |
SBOM filename |
${IGconf_sbom_name}.sbom
|
Non-empty string value | immediate |
IGconf_sbom_hook |
Hook to generate the SBOM filename. |
${DIRECTORY}/gen.sh
|
Non-empty string value | immediate |
IGconf_sbom_provider |
SBOM provider |
syft
|
Must be one of: syft | lazy |
IGconf_sbom_syft_config |
Configuration file containing the settings syft will use to scan and output the SBOM. The following parameters are explicitly specified by rpi-image-gen when syft is invoked: source: name version base-path For further information, refer to https://github.com/anchore/syft/wiki/Configuration |
${DIRECTORY}/syft.yaml
|
Non-empty string value | lazy |
IGconf_sbom_syft_source |
Source specifier syft will use as its input for scanning. Will be determined automatically if empty based on the output target. For further information regarding syft scan sources, refer to https://github.com/anchore/syft/wiki/supported-sources |
<empty>
|
String value (may be empty) | lazy |
File: sbom/sbom.yaml
Type: static