Merge pull request #18969 from dvdksn/attest-link-gha-examples

build: link to GHA attestations examples
David Karlsson 2023-12-20 13:27:17 +01:00 committed by GitHub
commit d98a8afc17
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 0 deletions

@ -37,6 +37,9 @@ $ docker buildx build --tag <namespace>/<image>:<version> \
Alternatively, you can use the shorthand `--sbom=true` option instead of `--attest type=sbom`.
For an example on how to add SBOM attestations with GitHub Actions, see
[Add attestations with GitHub Actions](../ci/github-actions/attestations.md).
## Verify SBOM attestations
Always validate the generated SBOM for your image before you push your image to a registry.
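Review bot: "For an example on how to add SBOM attestations" in the added sentence should read "For an example of how to add SBOM attestations". The link also uses a relative path, `../ci/github-actions/attestations.md`, which resolves only from this file's current location, so confirm the docs link check passes for it. Because the sentence sits directly above `## Verify SBOM attestations`, consider saying whether the linked workflow covers validating the SBOM before the push or only generating it, so readers do not treat the CI example as a substitute for the check described in the next section.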

@ -33,6 +33,9 @@ $ docker buildx build --tag <namespace>/<image>:<version> \
Alternatively, you can use the shorthand `--provenance=true` option instead of `--attest type=provenance`.
To specify the `mode` parameter using the shorthand option, use: `--provenance=mode=max`.
For an example on how to add provenance attestations with GitHub Actions, see
[Add attestations with GitHub Actions](../ci/github-actions/attestations.md).
## Mode
You can use the `mode` parameter to define the level of detail to be included in
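Review bot: The added sentence after the `--provenance=mode=max` line does not say which `mode` the linked GitHub Actions example uses, and it sits right between the shorthand explanation and `## Mode`, where a reader is deciding on that value. Suggest stating the mode in the sentence, or moving the link below the `## Mode` section so it follows the explanation of the levels of detail. The wording "For an example on how to" should be "For an example of how to", and the link label and target are identical to the ones in the SBOM page, so a fragment pointing at the provenance part of `attestations.md` would be more useful if that page has one.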