Docker's BuildKit adds SBOM attestation capabilities: How they work — and key limitations
ReversingLabs Blog blog.reversinglabs.com
Docker added support for build-time attestations and software bills of materials (SBOMs) in its BuildKit tool earlier this year, giving development teams a way to maintain a complete record of the build process for each image and the software components within it.
BuildKit, Docker's engine for building container images, is an improvement over the company's legacy, script-based Dockerfile build engine. Docker claims that the tool improves build performance and the reusability of Dockerfiles.