mirror of
https://github.com/tektoncd/catalog.git
synced 2024-11-28 06:30:40 +00:00
e763a4473e
With git-clone version 0.8 and onwards, it started running as non-root and GKE clusters were having some issues, so, we temporarily moved all tasks to use git-clone version 0.7. Ref: https://github.com/tektoncd/catalog/pull/1079 Since we have now moved to kind clusters in our CI, this issue is now resolved and thus moving all tasks to use latest version of git-clone Signed-off-by: vinamra28 <jvinamra776@gmail.com> |
||
---|---|---|
.. | ||
tests | ||
README.md | ||
syft.yaml |
syft
This task allows the use of the syft for Tekton Pipelines. See https://github.com/anchore/syft
What's Syft?
A CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Exceptional for vulnerability detection when used with a scanner tool like Grype. For more detail, please see.
Parameters
-
SYFT_IMAGE: Optional address of the syft container image to be used for task.
default: "docker.io/anchore/syft:v0.35.1@sha256:fd2da1424585680f220ed61db13096f7abcd0c0073b52616bbce397a8e708a96"
-
ARGS: The arguments to pass to
syft
CLI. This parameter is required to run this task.
Examples
Run syft --help
for Syft usage.
Using the Tekton CLI (tkn
):
tkn task start syft -p ARGS="--help"
Generate SBOM for Alpine image:
tkn task start syft -p ARGS="docker.io/alpine:3.13"
Platforms
The Task can be run on linux/amd64
and linux/arm64
platforms.