Docker Desktop v4.7.0, released last month, introduced a new CLI plugin, docker/sbom-cli-plugin, which adds an sbom subcommand to the Docker CLI for viewing the Software Bill of Materials (SBOM) of a Docker container image.

What is an SBOM?

First, what is an SBOM (Software Bill of Materials)? It is a term from the software supply chain. The software supply chain is the list of components, libraries and tools used to build a software application (a software product), and the bill of materials declares the list of those components and libraries, much like the ingredient list on food. An SBOM can help an organization or group avoid using software that has security vulnerabilities.

The docker sbom command

Note: as of Docker Desktop 4.7.0 the docker sbom command is still experimental, and the feature may be removed or changed. The Docker CLI for Linux will not include this subcommand in the future.

The docker sbom command generates a Software Bill of Materials (SBOM) for a container image:

    🐳 >$ docker sbom --help

    Usage:  docker sbom [OPTIONS] COMMAND

    View the packaged-based Software Bill Of Materials (SBOM) for an image.

    The output of this command may change. Leave feedback on https://github.com/docker/sbom-cli-plugin.

    Examples:

      docker sbom alpine:latest                                        a summary of discovered packages
      docker sbom alpine:latest --format syft-json                     show all possible cataloging details
      docker sbom alpine:latest --output sbom.txt                      write report output to a file
      docker sbom alpine:latest --exclude /lib --exclude '**/*.db'     ignore one or more paths/globs in the image

    Options:
      -D, --debug                 show debug logging
          --exclude stringArray   exclude paths from being scanned using a glob expression
          --format string         report output format, options=[syft-json cyclonedx-xml cyclonedx-json github-0-json spdx-tag-value spdx-json table text] (default "table")
          --layers string         [experimental] selection of layers to catalog, options=[squashed all] (default "squashed")
      -o, --output string         file to write the default report output to (default is STDOUT)
          --platform string       an optional platform specifier for container image sources (e.g. 'linux/arm64', 'linux/arm64/v8', 'arm64', 'linux')
          --quiet                 suppress all non-report output
      -v, --version               version for sbom

    Commands:
      version     Show Docker sbom version information

    Run 'docker sbom COMMAND --help' for more information on a command.

Besides producing the SBOM as a table, the command can write several other output formats, selected with --format.

Let's generate an SBOM for the image neo4j:4.4.5:

    🐳 >$ docker sbom neo4j:4.4.5
    Syft v0.43.0
     ✔ Loaded image
     ✔ Parsed image
     ✔ Cataloged packages      [385 packages]
    NAME                VERSION                                      TYPE
    CodePointIM         11.0.15                                      java-archive
    FastInfoset         1.2.16                                       java-archive
    FileChooserDemo     11.0.15                                      java-archive
    Font2DTest          11.0.15                                      java-archive
    HdrHistogram        2.1.9                                        java-archive
    J2Ddemo             11.0.15                                      java-archive
    Metalworks          11.0.15                                      java-archive
    ...
    libuuid1            2.36.1-8+deb11u1                             deb
    libxxhash0          0.8.0-2                                      deb
    libzstd1            1.4.8+dfsg-2.1                               deb
    listenablefuture    9999.0-empty-to-avoid-conflict-with-guava    java-archive
    log4j-api           2.17.1                                       java-archive
    log4j-core          2.17.1                                       java-archive
    login               1:4.8.1-1                                    deb
    ...

The table above is only an excerpt of the output. In the list we can see that, besides the deb-type packages, there are also Java packages, including the log4j packages and their versions. From this we can tell whether a container image contains or depends on packages with security vulnerabilities, which strengthens the security of deploying and using application images.

The output also shows Syft v0.43.0. That is because the SBOM CLI plugin uses Anchore's Syft project to scan the image layers; other versions of the plugin may read SBOM information in other ways.

Let's write out an SBOM file for an image in SPDX format:

    🐳 >$ docker sbom --format spdx-json --output hugo-sbom.json mengzyou/hugo:latest
    Syft v0.43.0
     ✔ Loaded image
     ✔ Parsed image
     ✔ Cataloged packages

    🐳 >$ cat hugo-sbom.json
    {
      "SPDXID": "SPDXRef-DOCUMENT",
      "name": "mengzyou/hugo-latest",
      "spdxVersion": "SPDX-2.2",
      "creationInfo": {
        "created": "2022-05-09T10:55:06.6343529Z",
        "creators": [
          "Organization: Anchore, Inc",
          "Tool: syft-[not provided]"
        ],
        "licenseListVersion": "3.16"
      },
      "dataLicense": "CC0-1.0",
      "documentNamespace": "https://anchore.com/syft/image/mengzyou/hugo-latest-162a6a05-379c-49f0-a7f2-b4b738a63d1b",
      "packages": [
        {
          "SPDXID": "SPDXRef-ed18f2a986e77aab",
          "name": "alpine-baselayout",
          "licenseConcluded": "GPL-2.0-only",
          "description": "Alpine base dir structure and init scripts",
          "downloadLocation": "https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout",
          ...
        }
        ...
      ]
    }

The generated file is long, so only a small part of it is shown above.

SPDX (Software Package Data Exchange) is an open specification for describing SBOM information. It covers software components, license and copyright information, and related security references. By giving companies and communities a common format for sharing this important data, SPDX reduces redundant work and so simplifies compliance.

Summary

This article briefly introduced SBOMs and the experimental Docker CLI subcommand, sbom. With this command you can generate SBOM information for a container image in several formats, which makes it easy for developers and operations staff who deploy services from container images to obtain an image's SBOM, understand the image's security information, and meet the application's compliance requirements. You can also consider using this tool in your company's CI/CD delivery pipeline as a security check on image artifacts.
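One way to turn the SPDX JSON output into an automated image check, as an added example (not code from the original article or from Docker): it reads an SBOM in the shape `docker sbom --format spdx-json` writes and reports packages below a minimum version. The sample SBOM, the `MINIMUM_VERSIONS` policy and the function names are constructed for illustration; `versionInfo` is the SPDX 2.2 package version field, which the excerpt in the article elides.

```python
import json
import re

# Constructed sample in the shape of `docker sbom --format spdx-json` output.
# Only the fields this check reads are included; the values are made up.
SAMPLE_SBOM = json.loads("""
{
  "spdxVersion": "SPDX-2.2",
  "name": "example/app-latest",
  "packages": [
    {"SPDXID": "SPDXRef-1", "name": "log4j-api",  "versionInfo": "2.17.1"},
    {"SPDXID": "SPDXRef-2", "name": "log4j-core", "versionInfo": "2.14.0"},
    {"SPDXID": "SPDXRef-3", "name": "libuuid1",   "versionInfo": "2.36.1-8+deb11u1"},
    {"SPDXID": "SPDXRef-4", "name": "log4j-core"}
  ]
}
""")

# Hypothetical policy: lowest version of each package the pipeline accepts.
MINIMUM_VERSIONS = {"log4j-core": "2.17.1", "log4j-api": "2.17.1"}


def version_key(version):
    """Leading dotted-numeric part as a tuple: '2.17.1' -> (2, 17, 1)."""
    match = re.match(r"\d+(?:\.\d+)*", version or "")
    return tuple(int(p) for p in match.group().split(".")) if match else None


def check_sbom(sbom, minimums):
    """Return (name, found_version, required) for every policy violation.

    A package named in the policy whose version is missing or unparsable
    is reported too, so an incomplete SBOM cannot pass silently.
    """
    findings = []
    for pkg in sbom.get("packages", []):
        required = minimums.get(pkg.get("name"))
        if required is None:
            continue  # package not covered by the policy
        found = version_key(pkg.get("versionInfo"))
        if found is None or found < version_key(required):
            findings.append((pkg["name"], pkg.get("versionInfo"), required))
    return findings


if __name__ == "__main__":
    for name, found, required in check_sbom(SAMPLE_SBOM, MINIMUM_VERSIONS):
        print(f"FAIL {name}: found {found or 'unknown'}, need >= {required}")
```

In a pipeline, load the file written by `--output` with `json.load` instead of the sample and fail the job when `check_sbom` returns any findings.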
