Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove legacy bom from label in platform API 0.9 #808

Closed
natalieparellano opened this issue Feb 25, 2022 · 2 comments · Fixed by #825
Closed

Remove legacy bom from label in platform API 0.9 #808

natalieparellano opened this issue Feb 25, 2022 · 2 comments · Fixed by #825
Assignees
@natalieparellano
Labels
status/ready type/enhancement New feature or request
Milestone
lifecycle-0.14.0

Comments

@natalieparellano
Copy link
Member

natalieparellano commented Feb 25, 2022
edited
Loading

See related spec PR: buildpacks/spec#288

Description

Currently, legacy BOMs output by buildpacks (either because the buildpack api < 0.7 or for backwards compatibility with older platforms - see here) end up in the io.buildpacks.build.metadata label on the app image. This can cause very large labels which can take down k8s nodes.

The linked PR would remove legacy BOMs from the io.buildpacks.build.metadata label. It would also remove the [bom] table from layers/config/metadata.toml (for launch boms) and report.toml (for build boms).

To allow newer platforms to maintain compatibility with older buildpacks, it has been suggested to copy legacy BOMs to /sbom/launch/legacy.sbom.json and /sbom/build/legacy.sbom.json.
@natalieparellano
Copy link
Member Author

Blocking on buildpacks/spec#288

@natalieparellano natalieparellano added this to the lifecycle-0.14.0 milestone Feb 25, 2022
@natalieparellano natalieparellano self-assigned this Mar 10, 2022
@natalieparellano
Copy link
Member Author

Should be unblocked pending the approval of buildpacks/spec#297

@natalieparellano natalieparellano removed their assignment Mar 10, 2022
@natalieparellano natalieparellano self-assigned this Mar 10, 2022
@natalieparellano natalieparellano mentioned this issue Mar 10, 2022
Merged
@matthewmcnew matthewmcnew mentioned this issue Jul 27, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@natalieparellano natalieparellano

Labels
status/ready type/enhancement New feature or request
Projects
None yet
Milestone
lifecycle-0.14.0
Development

Successfully merging a pull request may close this issue.

Write sbom.legacy.json files for newer platform api buildpacks/lifecycle
1 participant
@natalieparellano