Hi,
I am trying to create a single SBOM to represent a Docker Swarm and everything running on it (I think this is equivalent to the KBOM work for Kubernetes).
My current SBOM starts with a root that is the swarm itself, then has dependent components for each service, each of which has a single dependent component for its container image, and then the container image data is also merged in.
This is all able to show in the Dependency Graph and I can navigate down through the graph to see out-of-date dependencies at the leaf nodes.
Also, when in Components view I can see all of the vulnerabilities affecting leaf components.
What I would like to be able to do is to put the Components view into "Direct only" mode and see all the Docker services that contain vulnerabilities - but dtrack does not seem to be doing any propagation of vulnerabilities - only the leaf components show them.
Is there any way to get transitive vulnerabilities to show in Components view?
Thanks
Jim
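
The rollup asked about above can be computed from the BOM itself by walking the dependency graph from each direct dependency of the root. This is an added example, not code from the original post or from Dependency-Track; it assumes a CycloneDX JSON document that has a `dependencies` array and a `vulnerabilities` array whose `affects[].ref` values are bom-refs, and the sample BOM and every name in it are constructed.

```python
import json
from collections import defaultdict

# Constructed sample in CycloneDX JSON shape: swarm -> service -> image -> packages.
SAMPLE_BOM = json.loads("""
{
  "metadata": {"component": {"bom-ref": "swarm", "name": "example-swarm"}},
  "dependencies": [
    {"ref": "swarm", "dependsOn": ["svc-web", "svc-db"]},
    {"ref": "svc-web", "dependsOn": ["img-web"]},
    {"ref": "svc-db", "dependsOn": ["img-db"]},
    {"ref": "img-web", "dependsOn": ["pkg-openssl", "pkg-zlib"]},
    {"ref": "img-db", "dependsOn": ["pkg-zlib"]}
  ],
  "vulnerabilities": [
    {"id": "EXAMPLE-VULN-1", "affects": [{"ref": "pkg-openssl"}]},
    {"id": "EXAMPLE-VULN-2", "affects": [{"ref": "pkg-zlib"}]}
  ]
}
""")


def rollup_to_direct(bom):
    """Map each direct dependency of the root component to the sorted
    vulnerability IDs found on it or anywhere beneath it in the graph."""
    root = bom["metadata"]["component"]["bom-ref"]
    edges = {d["ref"]: d.get("dependsOn", []) for d in bom.get("dependencies", [])}

    # bom-ref -> IDs of vulnerabilities reported directly against that component
    vulns = defaultdict(set)
    for vuln in bom.get("vulnerabilities", []):
        for affected in vuln.get("affects", []):
            vulns[affected["ref"]].add(vuln["id"])

    def reachable(start):
        # Iterative DFS; the seen set also guards against cycles in the graph.
        seen, stack = set(), [start]
        while stack:
            ref = stack.pop()
            if ref not in seen:
                seen.add(ref)
                stack.extend(edges.get(ref, []))
        return seen

    return {
        direct: sorted(set().union(*(vulns[r] for r in reachable(direct))))
        for direct in edges.get(root, [])
    }
```
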