Software Bill of Materials (SBOM)

Example SBOMs generated with gitlab.com/to-be-continuous/docker, Buildah and sbom-opts: --override-default-catalogers dpkg-db-cataloger,javascript-package-cataloger,php-composer-installed-cataloger --select-catalogers -file¹:

¹ This is actually missing the apk-db-cataloger and at least also the sbom-cataloger.

Alpine base image, OJS lts:

• Trivy vulnerability report
  • docker-trivy-docker.io_pkpofficial_ojs_snapshot_lts.gitlab.json (593 B)
• Syft SBOM
  • docker-sbom-docker.io_pkpofficial_ojs_snapshot_lts.cyclonedx.json (3,7 MB)
  • docker-sbom-docker.io_pkpofficial_ojs_snapshot_lts.native.json (6,3 MB)

Debian base image, OJS stable:

• Trivy vulnerability report
  • docker-trivy-docker.io_pkpofficial_ojs_snapshot_stable.gitlab.json (593 B)
• Syft SBOM
  • docker-sbom-docker.io_pkpofficial_ojs_snapshot_stable.cyclonedx.json (1,1 MB)
  • docker-sbom-docker.io_pkpofficial_ojs_snapshot_stable.native.json (7,1 MB)

These were generalised to the docker.io/pkpofficial/ojs namespace.

Please note the absence of PKP artifacts, due to currently not Managing PKP depencies with Composer .