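1. Docker Desktop 4.7.0 includes an experimental `docker sbom` CLI command that displays the SBOM (Software Bill of Materials) of any Docker image. For a container image, this covers the installed operating system packages (for example, ca-certificates) as well as the language-specific packages the software depends on (for example, log4j).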
Docker Desktop 4.13.0
PS C:\Users\admin> docker sbom mizy/alpine
NAME                    VERSION      TYPE
alpine-baselayout       3.2.0-r22    apk
alpine-baselayout-data  3.2.0-r22    apk
alpine-keys             2.4-r1       apk
apk-tools               2.12.9-r3    apk
busybox                 1.35.0-r17   apk
ca-certificates-bundle  20220614-r0  apk
libc-utils              0.7.2-r3     apk
libcrypto1.1            1.1.1q-r0    apk
libssl1.1               1.1.1q-r0    apk
musl                    1.2.3-r0     apk
musl-utils              1.2.3-r0     apk
scanelf                 1.3.4-r0     apk
ssl_client              1.35.0-r17   apk
zlib                    1.2.12-r3    apk
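The table above is easy to consume in a build pipeline. The following is an added example, not part of the original page: it parses the NAME/VERSION/TYPE output and diffs two image inventories so that newly introduced or changed packages stand out. The baseline is a subset of the rows shown above; the candidate inventory and the function names are constructed for illustration.

```python
"""Parse `docker sbom` table output and diff two image inventories."""

# Constructed sample: a subset of the rows printed above for mizy/alpine.
BASELINE = """\
NAME VERSION TYPE
busybox 1.35.0-r17 apk
libcrypto1.1 1.1.1q-r0 apk
libssl1.1 1.1.1q-r0 apk
zlib 1.2.12-r3 apk
"""

# Constructed sample: a hypothetical later build of the same image.
CANDIDATE = """\
NAME VERSION TYPE
busybox 1.35.0-r17 apk
libcrypto1.1 1.1.1q-r0 apk
libssl1.1 1.1.1q-r0 apk
log4j-core 2.14.1 java-archive
zlib 1.2.13-r0 apk
"""


def parse_sbom_table(text):
    """Return {(name, type): version} from the command's stdout (table format)."""
    packages = {}
    for line in text.splitlines():
        # Split from the right so a name containing spaces stays intact.
        fields = line.rsplit(None, 2)
        if len(fields) != 3 or fields == ["NAME", "VERSION", "TYPE"]:
            continue  # skip the header, blank lines and malformed rows
        name, version, pkg_type = fields
        packages[(name.strip(), pkg_type)] = version
    return packages


def diff_sboms(old, new):
    """Report packages added, removed or changed in version between two inventories."""
    added = sorted(k for k in new if k not in old)
    removed = sorted(k for k in old if k not in new)
    changed = sorted((k, old[k], new[k]) for k in old if k in new and old[k] != new[k])
    return {"added": added, "removed": removed, "changed": changed}


if __name__ == "__main__":
    report = diff_sboms(parse_sbom_table(BASELINE), parse_sbom_table(CANDIDATE))
    for section, rows in report.items():
        for row in rows:
            print(section, row)
```

Feed the functions only the command's standard output; a copied shell prompt line would be read as a package row.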
2.