1
0
mirror of https://github.com/tektoncd/catalog.git synced 2024-11-28 06:30:40 +00:00
catalog/task/syft/0.1
vinamra28 e763a4473e Use latest git-clone in Task's tests
With git-clone version 0.8 and onwards, it started running as non-root
and GKE clusters were having some issues, so, we temporarily moved all
tasks to use git-clone version 0.7. Ref: https://github.com/tektoncd/catalog/pull/1079

Since we have now moved to kind clusters in our CI, this issue is now
resolved and thus moving all tasks to use latest version of git-clone

Signed-off-by: vinamra28 <jvinamra776@gmail.com>
2023-09-22 09:32:22 +01:00
..
tests Use latest git-clone in Task's tests 2023-09-22 09:32:22 +01:00
README.md feat: add syft 2022-09-09 13:16:30 +02:00
syft.yaml Updated multi arch docker image value for trivy, syft, grype task and fixed lint failures 2023-07-21 03:27:54 +01:00

syft

This task allows the use of the syft for Tekton Pipelines. See https://github.com/anchore/syft

What's Syft?

A CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Exceptional for vulnerability detection when used with a scanner tool like Grype. For more detail, please see.

Parameters

  • SYFT_IMAGE: Optional address of the syft container image to be used for task.

    default: "docker.io/anchore/syft:v0.35.1@sha256:fd2da1424585680f220ed61db13096f7abcd0c0073b52616bbce397a8e708a96"

  • ARGS: The arguments to pass to syft CLI. This parameter is required to run this task.

Examples

Run syft --help for Syft usage.

Using the Tekton CLI (tkn):

tkn task start syft -p ARGS="--help"

Generate SBOM for Alpine image:

tkn task start syft -p ARGS="docker.io/alpine:3.13"

Platforms

The Task can be run on linux/amd64 and linux/arm64 platforms.