Comments (2)
phillmv
commented on August 19, 2024
2
Hello & thanks for reaching out :). We've actually been monitoring these failures over the past couple of days, so it's great to communicate directly.
We're working on addressing this (friendlier errors, fixing the docs link, having the API not error out 😅) but in the meantime… the issue is the default SBOM being generated for your dockerfile is larger than we envisioned supporting 🤦♀️.
To be clear, this is a failure on our side; you're even using the action we recommended in our docs/blog post.
But while we figure out how to best support this, our recommendation is to try to find a way to generate an SBOM that meets your needs but encodes less redundant information. (Or even… compressing the sbom before trying to attest it? 🤔 We haven't tried that yet)
Thanks for trying our feature out! We're sorry you ran into these errors, but at least it's helped us uncover these limitations.
from attest.
oliversalzburg
commented on August 19, 2024
in the meantime… the issue is the default SBOM being generated for your dockerfile is larger than we envisioned supporting
Thank you, that was actually also my suspicion. I then figured that having an SBOM this large is maybe an error on my part, and I started to trim down the complexity of the image, which resolved the problem for me.
I was just trying to get an all around better understanding of SBOM and attestation features. I have no immediate use case that I'm trying to support, other than creating building blocks for future requirements.
Thanks for the great response :)
from attest.
Related Issues (6)
- Support public signing in private repositories HOT 3
- (503) Service Unavailable when using GitHub Sigstore instance HOT 1
- Docs suggestion: Clarify use with release tags HOT 2
- Consider naming the generated attestation file `attestation.intoto.json` or allow users to configure it
- Timeout in OCI push HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from attest.