From 2f1ba5da9cb9bc98735171473581591ea6cbda5c Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Fri, 5 Apr 2024 15:49:20 +0200 Subject: [PATCH] chore: fully remove the sbom page The old `docker sbom` page had been removed from the toc. This fully removes the page and redirects to the Scout SBOM page. Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- content/desktop/release-notes.md | 2 +- content/engine/sbom/_index.md | 97 -------------------------------- content/scout/sbom.md | 2 + 3 files changed, 3 insertions(+), 98 deletions(-) delete mode 100644 content/engine/sbom/_index.md diff --git a/content/desktop/release-notes.md b/content/desktop/release-notes.md index 3fc902d02d..a6ca0c6489 100644 --- a/content/desktop/release-notes.md +++ b/content/desktop/release-notes.md @@ -1762,7 +1762,7 @@ For frequently asked questions about Docker Desktop releases, see [FAQs](faqs/re ### New - IT Administrators can now install Docker Desktop remotely using the command line. -- Add the Docker Software Bill of Materials (SBOM) CLI plugin. The new CLI plugin enables users to generate SBOMs for Docker images. For more information, see [Docker SBOM](../engine/sbom/index.md). +- Add the Docker Software Bill of Materials (SBOM) CLI plugin. The new CLI plugin enables users to generate SBOMs for Docker images. - Use [cri-dockerd](https://github.com/Mirantis/cri-dockerd) for new Kubernetes clusters instead of `dockershim`. The change is transparent from the user's point of view and Kubernetes containers run on the Docker Engine as before. `cri-dockerd` allows Kubernetes to manage Docker containers using the standard [Container Runtime Interface](https://github.com/kubernetes/cri-api#readme), the same interface used to control other container runtimes. For more information, see [The Future of Dockershim is cri-dockerd](https://www.mirantis.com/blog/the-future-of-dockershim-is-cri-dockerd/). ### Updates 
diff --git a/content/engine/sbom/_index.md b/content/engine/sbom/_index.md deleted file mode 100644 index 3db56852e7..0000000000 --- a/content/engine/sbom/_index.md +++ /dev/null 
@@ -1,97 +0,0 @@ ---- -title: Generate the SBOM for Docker images -description: Viewing the Software Bill of Materials (SBOM) for Docker images -keywords: Docker, sbom, Anchore, images, Syft, security -toc_min: 1 -toc_max: 2 ---- - -A Software Bill Of Materials (SBOM) is analogous to a packing list for a shipment. It lists all the components that make up the software, or were used to build it. For container images, this includes the operating system packages that are installed (for example, ca-certificates) along with language-specific packages that the software depends on (for example, Log4j). The SBOM could include a subset of this information or even more details, like the versions of components and their source. - -> **Warning** -> -> The `docker sbom` command is currently experimental. This may change or be removed from future releases. -{ .warning } - -The experimental `docker sbom` command allows you to generate the SBOM of a container image. Today, it does this by scanning the layers of the image using the [Syft project](https://github.com/anchore/syft) but in future it may read the SBOM from the image itself or elsewhere. - -## Simple use - -To output a tabulated SBOM for an image, use `docker sbom :`: - -```console -$ docker sbom neo4j:4.4.5 -Syft v0.43.0 - ✔ Loaded image - ✔ Parsed image - ✔ Cataloged packages [385 packages] - -NAME VERSION TYPE -... -bsdutils 1:2.36.1-8+deb11u1 deb -ca-certificates 20210119 deb -... -log4j-api 2.17.1 java-archive -log4j-core 2.17.1 java-archive -... -``` - -The output includes both system packages and software libraries used by applications in the container image. - -## Output formatting and saving outputs - -You can view the SBOM output in standard formats like [SPDX](https://spdx.dev) and [CycloneDX](https://cyclonedx.org) along with the Syft and GitHub formats using the `--format` option. 
- -```console -$ docker sbom --format spdx-json alpine:3.15 -{ - "SPDXID": "SPDXRef-DOCUMENT", - "name": "alpine-3.15", - "spdxVersion": "SPDX-2.2", - "creationInfo": { - "created": "2022-04-06T21:13:32.035571Z", - "creators": [ - "Organization: Anchore, Inc", - "Tool: syft-[not provided]" - ], - "licenseListVersion": "3.16" - }, - "dataLicense": "CC0-1.0", - "documentNamespace": "https://anchore.com/syft/image/alpine-3.15-4b1b99d8-bbb5-4426-af8e-c510189134ab", - "packages": [ - { - "SPDXID": "SPDXRef-1e3f3285636676f3", - "name": "alpine-baselayout", - "licenseConcluded": "GPL-2.0-only", - "description": "Alpine base dir structure and init scripts", - "downloadLocation": "https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout", - "externalRefs": [ - { -... -} -``` - -These outputs are more verbose and contain more information than the default tabulated output. - -By default, the command outputs the SBOM to stdout. You can save the output to a file by specifying one with the `--output` flag. - -```console -$ docker sbom --format spdx-json --output sbom.json alpine:3.15 -Syft v0.43.0 - ✔ Loaded image - ✔ Parsed image - ✔ Cataloged packages [14 packages] - -$ cat sbom.json -{ - "SPDXID": "SPDXRef-DOCUMENT", - "name": "alpine-3.15", - "spdxVersion": "SPDX-2.2", -... -} -``` - -## Feedback - -Thanks for trying the Docker SBOM CLI plugin. We’d love to hear from you. You can provide feedback and report any bugs through the Issues tracker in the -[docker/sbom-cli-plugin](https://github.com/docker/sbom-cli-plugin) GitHub repository. \ No newline at end of file diff --git a/content/scout/sbom.md b/content/scout/sbom.md index ef5280b8c2..62b00d8dad 100644 --- a/content/scout/sbom.md +++ b/content/scout/sbom.md 
@@ -2,6 +2,8 @@ title: Docker Scout SBOMs description: Use Docker Scout to extract the SBOM for your project. keywords: scout, supply chain, sbom, software bill of material, spdx +aliases: +- /engine/sbom/ --- [Image analysis](./image-analysis.md) uses image SBOMs to understand what packages and versions an image contains.
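Review bot: in the content/desktop/release-notes.md hunk (around line 1762), the SBOM CLI plugin bullet is left with no pointer at all for readers who want to know how to use the plugin. Rather than dropping the reference outright, consider linking to the docker/sbom-cli-plugin GitHub repository, which the deleted page itself names as the place for feedback and bug reports.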
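Review bot: for the deletion of content/engine/sbom/_index.md, the diffstat shows release-notes.md as the only file whose inbound link was fixed, and the commit message only states that the page was already out of the toc. Before merging, search the content tree for any remaining references to engine/sbom so that no other page is left with a broken relative link. The deleted text also carries the warning that `docker sbom` is experimental and may change or be removed; if the command still ships, that warning should stay reachable somewhere.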
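Review bot: in the content/scout/sbom.md front matter, the new `/engine/sbom/` alias sends visitors to a page whose title and description are about Docker Scout, and nothing in this hunk tells them why they landed there. Suggest adding a sentence near the top of the Scout page stating that the `docker sbom` page was removed and how Scout SBOMs relate to it, so old bookmarks and external links do not leave readers guessing.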