mirror of https://github.com/docker/docs.git
				
				
				
			Merge pull request #19747 from dvdksn/remove-sbom
chore: fully remove the sbom page
This commit is contained in:
		
						commit
						d7b61bf28f
					
				|  | @ -1762,7 +1762,7 @@ For frequently asked questions about Docker Desktop releases, see [FAQs](faqs/re | ||||||
| ### New | ### New | ||||||
| 
 | 
 | ||||||
| - IT Administrators can now install Docker Desktop remotely using the command line. | - IT Administrators can now install Docker Desktop remotely using the command line. | ||||||
| - Add the Docker Software Bill of Materials (SBOM) CLI plugin. The new CLI plugin enables users to generate SBOMs for Docker images. For more information, see [Docker SBOM](../engine/sbom/index.md). | - Add the Docker Software Bill of Materials (SBOM) CLI plugin. The new CLI plugin enables users to generate SBOMs for Docker images. | ||||||
| - Use [cri-dockerd](https://github.com/Mirantis/cri-dockerd) for new Kubernetes clusters instead of `dockershim`. The change is transparent from the user's point of view and Kubernetes containers run on the Docker Engine as before. `cri-dockerd` allows Kubernetes to manage Docker containers using the standard [Container Runtime Interface](https://github.com/kubernetes/cri-api#readme), the same interface used to control other container runtimes. For more information, see [The Future of Dockershim is cri-dockerd](https://www.mirantis.com/blog/the-future-of-dockershim-is-cri-dockerd/). | - Use [cri-dockerd](https://github.com/Mirantis/cri-dockerd) for new Kubernetes clusters instead of `dockershim`. The change is transparent from the user's point of view and Kubernetes containers run on the Docker Engine as before. `cri-dockerd` allows Kubernetes to manage Docker containers using the standard [Container Runtime Interface](https://github.com/kubernetes/cri-api#readme), the same interface used to control other container runtimes. For more information, see [The Future of Dockershim is cri-dockerd](https://www.mirantis.com/blog/the-future-of-dockershim-is-cri-dockerd/). | ||||||
| 
 | 
 | ||||||
| ### Updates | ### Updates | ||||||
|  |  | ||||||
|  | @ -1,97 +0,0 @@ | ||||||
| --- |  | ||||||
| title: Generate the SBOM for Docker images |  | ||||||
| description: Viewing the Software Bill of Materials (SBOM) for Docker images |  | ||||||
| keywords: Docker, sbom, Anchore, images, Syft, security |  | ||||||
| toc_min: 1 |  | ||||||
| toc_max: 2 |  | ||||||
| --- |  | ||||||
| 
 |  | ||||||
| A Software Bill Of Materials (SBOM) is analogous to a packing list for a shipment. It lists all the components that make up the software, or were used to build it. For container images, this includes the operating system packages that are installed (for example, ca-certificates) along with language-specific packages that the software depends on (for example, Log4j). The SBOM could include a subset of this information or even more details, like the versions of components and their source. |  | ||||||
| 
 |  | ||||||
| > **Warning** |  | ||||||
| > |  | ||||||
| > The `docker sbom` command is currently experimental. This may change or be removed from future releases. |  | ||||||
| { .warning } |  | ||||||
| 
 |  | ||||||
| The experimental `docker sbom` command allows you to generate the SBOM of a container image. Today, it does this by scanning the layers of the image using the [Syft project](https://github.com/anchore/syft) but in future it may read the SBOM from the image itself or elsewhere. |  | ||||||
| 
 |  | ||||||
| ## Simple use |  | ||||||
| 
 |  | ||||||
| To output a tabulated SBOM for an image,  use `docker sbom <image>:<tag>`: |  | ||||||
| 
 |  | ||||||
| ```console |  | ||||||
| $ docker sbom neo4j:4.4.5 |  | ||||||
| Syft v0.43.0 |  | ||||||
|  ✔ Loaded image |  | ||||||
|  ✔ Parsed image |  | ||||||
|  ✔ Cataloged packages      [385 packages] |  | ||||||
| 
 |  | ||||||
| NAME                      VERSION                        TYPE |  | ||||||
| ...  |  | ||||||
| bsdutils                  1:2.36.1-8+deb11u1             deb |  | ||||||
| ca-certificates           20210119                       deb |  | ||||||
| ... |  | ||||||
| log4j-api                 2.17.1                         java-archive   |  | ||||||
| log4j-core                2.17.1                         java-archive   |  | ||||||
| ... |  | ||||||
| ``` |  | ||||||
| 
 |  | ||||||
| The output includes both system packages and software libraries used by applications in the container image. |  | ||||||
| 
 |  | ||||||
| ## Output formatting and saving outputs |  | ||||||
| 
 |  | ||||||
| You can view the SBOM output in standard formats like [SPDX](https://spdx.dev) and [CycloneDX](https://cyclonedx.org) along with the Syft and GitHub formats using the `--format` option. |  | ||||||
| 
 |  | ||||||
| ```console |  | ||||||
| $ docker sbom --format spdx-json alpine:3.15 |  | ||||||
| { |  | ||||||
|  "SPDXID": "SPDXRef-DOCUMENT", |  | ||||||
|  "name": "alpine-3.15", |  | ||||||
|  "spdxVersion": "SPDX-2.2", |  | ||||||
|  "creationInfo": { |  | ||||||
|   "created": "2022-04-06T21:13:32.035571Z", |  | ||||||
|   "creators": [ |  | ||||||
|    "Organization: Anchore, Inc", |  | ||||||
|    "Tool: syft-[not provided]" |  | ||||||
|   ], |  | ||||||
|   "licenseListVersion": "3.16" |  | ||||||
|  }, |  | ||||||
|  "dataLicense": "CC0-1.0", |  | ||||||
|  "documentNamespace": "https://anchore.com/syft/image/alpine-3.15-4b1b99d8-bbb5-4426-af8e-c510189134ab", |  | ||||||
|  "packages": [ |  | ||||||
|   { |  | ||||||
|    "SPDXID": "SPDXRef-1e3f3285636676f3", |  | ||||||
|    "name": "alpine-baselayout", |  | ||||||
|    "licenseConcluded": "GPL-2.0-only", |  | ||||||
|    "description": "Alpine base dir structure and init scripts", |  | ||||||
|    "downloadLocation": "https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout", |  | ||||||
|    "externalRefs": [ |  | ||||||
|     { |  | ||||||
| ... |  | ||||||
| } |  | ||||||
| ``` |  | ||||||
| 
 |  | ||||||
| These outputs are more verbose and contain more information than the default tabulated output. |  | ||||||
| 
 |  | ||||||
| By default, the command outputs the SBOM to stdout. You can save the output to a file by specifying one with the `--output` flag. |  | ||||||
| 
 |  | ||||||
| ```console |  | ||||||
| $ docker sbom --format spdx-json --output sbom.json alpine:3.15 |  | ||||||
| Syft v0.43.0 |  | ||||||
|  ✔ Loaded image |  | ||||||
|  ✔ Parsed image |  | ||||||
|  ✔ Cataloged packages      [14 packages] |  | ||||||
| 
 |  | ||||||
| $ cat sbom.json |  | ||||||
| { |  | ||||||
|  "SPDXID": "SPDXRef-DOCUMENT", |  | ||||||
|  "name": "alpine-3.15", |  | ||||||
|  "spdxVersion": "SPDX-2.2", |  | ||||||
| ... |  | ||||||
| } |  | ||||||
| ``` |  | ||||||
| 
 |  | ||||||
| ## Feedback |  | ||||||
| 
 |  | ||||||
| Thanks for trying the Docker SBOM CLI plugin. We’d love to hear from you. You can provide feedback and report any bugs through the Issues tracker in the |  | ||||||
| [docker/sbom-cli-plugin](https://github.com/docker/sbom-cli-plugin) GitHub repository. |  | ||||||
|  | @ -2,6 +2,8 @@ | ||||||
| title: Docker Scout SBOMs | title: Docker Scout SBOMs | ||||||
| description: Use Docker Scout to extract the SBOM for your project. | description: Use Docker Scout to extract the SBOM for your project. | ||||||
| keywords: scout, supply chain, sbom, software bill of material, spdx | keywords: scout, supply chain, sbom, software bill of material, spdx | ||||||
|  | aliases: | ||||||
|  | - /engine/sbom/ | ||||||
| --- | --- | ||||||
| 
 | 
 | ||||||
| [Image analysis](./image-analysis.md) uses image SBOMs to understand what packages and versions an image contains. | [Image analysis](./image-analysis.md) uses image SBOMs to understand what packages and versions an image contains. | ||||||
|  |  | ||||||
		Loading…
	
		Reference in New Issue