Newest Supply Chain Security Features in Buildkit v0 11
The Docker community is one of the communities that take software supply chain security risks seriously. Accordingly, they try to add features to products both Docker Desktop, Docker CLI, and BuildKit to mitigate the risks of the software supply chain attacks, such as generating SBOMs, displaying the vulnerability information, providing SLSA provenance based on build information, etc. The BuildKit (v0.11) release came with amazing features such as SLSA Provenance, OCI Image Layout&annotations, #SBOM, and reproducible builds through SOURCE_DATE_EPOCH build arg. All are explained in a very well format in this blog post, thanks to Justin Chadwell. ➡️ Highlights from the BuildKit v0.11 Release
The Docker community is one of the communities that take software supply chain security risks seriously. Accordingly, they try to add features to products both Docker Desktop, Docker CLI, and BuildKit to mitigate the risks of the software supply chain attacks, such as generating SBOMs, displaying the vulnerability information, providing SLSA provenance based on build information, etc. The BuildKit (v0.11) release came with amazing features such as SLSA Provenance, OCI Image Layout&annotations, #SBOM, and reproducible builds through SOURCE_DATE_EPOCH build arg. All are explained in a very well format in this blog post, thanks to Justin Chadwell. ➡️ Highlights from the BuildKit v0.11 Release