all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Docker's BuildKit adds SBOM attestation capabilities: How they work — and key limitations

Add to bookmarks
April 4, 2023, noon | jaikumar.vijayan@gmail.com (Jaikumar Vijayan)

ReversingLabs Blog blog.reversinglabs.com




Docker added support for build-time attestations and software bills of materials (SBOM) in its BuildKit tool earlier this year, giving development teams a way to maintain a complete record of the build process for each image and the software components within it. 


BuildKit, Docker's build engine for building container images, is an improvement over the company's legacy, script-based Dockerfile build engine. Docker claims that the tool improves build performance and the reusability of Dockerfiles

attestation bills build buildkit capabilities claims container container images dev & devsecops development docker engine images improvement key legacy performance process sbom script software software components software supply chain security support teams the company tool work

Visit resource

More from blog.reversinglabs.com / ReversingLabs Blog

When it comes to threat modeling, not all threats are created equal 22 hours ago | blog.reversinglabs.com
appsec & supply chain security can career fix +4
CISA's new 'vulnrichment' program aims to bolster the NVD 1 day, 22 hours ago | blog.reversinglabs.com
agency appsec & supply chain security bolster cisa +17
ReversingLabs Search Extension for Splunk Enterprise 2 days, 21 hours ago | blog.reversinglabs.com
apis application blog command +13
What you missed at RSA Conference 2024: Key trends and takeaways 2 days, 22 hours ago | blog.reversinglabs.com
america appsec & supply chain security artificial intelligence (ai) center +20
NSA: State-backed attackers are not after your data — they're targeting CI 1 week ago | blog.reversinglabs.com
advanced advanced persistent threat agency apt +22
CI/CD pipelines and the cloud: Are your development secrets at risk? 1 week, 1 day ago | blog.reversinglabs.com
appsec & supply chain security aws azure can +21
Why GenAI fails at full SOC automation 1 week, 2 days ago | blog.reversinglabs.com
ai tools automation autonomous build +23
Verizon 2024 DBIR: Software supply chain risks fuel a data breach epidemic 2 weeks ago | blog.reversinglabs.com
alarm appsec & supply chain security breach breaches +25
What’s hot at RSAC 2024: 8 SSCS talks you don’t want to miss 2 weeks, 1 day ago | blog.reversinglabs.com
appsec & supply chain security cisos development don +16

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Information System Security Engineer 2

@ Wyetech | Annapolis Junction, Maryland
View on infosec-jobs.com

Staff Vulnerability/Configuration Management Security Engineer

@ ServiceNow | Hyderabad, India
View on infosec-jobs.com

Security Engineer

@ AXS | London, England, UK
View on infosec-jobs.com