diff --git a/platform.md b/platform.md index ae849aee..5e3acd19 100644 --- a/platform.md +++ b/platform.md @@ -421,14 +421,15 @@ Usage: | `<skip-layers>`| `CNB_SKIP_LAYERS` | `false` | Do not perform [layer restoration]((#layer-restoration) ##### Outputs -| Output | Description -|---------------------------------------|---------------------------------------------- -| [exit status] | (see Exit Code table below for values) -| `/dev/stdout` | Logs (info) -| `/dev/stderr` | Logs (warnings, errors) -| `<layers>/<buidpack-id>/store.toml` | Persistent metadata (see data format in [Buildpack Interface Specification](buildpack.md)) -| `<layers>/<buidpack-id>/<layer>.toml` | Files containing the layer content metadata of each analyzed layer (see data format in [Buildpack Interface Specification](buildpack.md)) -| `<layers>/<buidpack-id>/<layer>/*`. | Restored layer contents +| Output | Description +|---------------------------------------------|---------------------------------------------- +| [exit status] | (see Exit Code table below for values) +| `/dev/stdout` | Logs (info) +| `/dev/stderr` | Logs (warnings, errors) +| `<layers>/<buidpack-id>/store.toml` | Persistent metadata (see data format in [Buildpack Interface Specification](buildpack.md)) +| `<layers>/<buidpack-id>/<layer>.toml` | Files containing the layer content metadata of each analyzed layer (see data format in [Buildpack Interface Specification](buildpack.md)) +| `<layers>/<buidpack-id>/<layer>.sbom.<ext>` | Files containing the Software Bill of Materials for each analyzed layer (see [Buildpack Interface Specification](buildpack.md)) +| `<layers>/<buidpack-id>/<layer>/*`. | Restored layer contents | Exit Code | Result| |-----------|-------| @@ -492,9 +493,9 @@ Usage: - The lifecycle SHALL execute all buildpacks in the order defined in `<group>` according to the process outlined in the [Buildpack Interface Specification](buildpack.md). - The lifecycle SHALL add all invoked buildpacks to`<layers>/config/metadata.toml`. -- The lifecycle SHALL aggregate all `processes`, `slices` and BOM entries returned by buildpacks in `<layers>/config/metadata.toml`. +- The lifecycle SHALL aggregate all `processes`, `slices` and `bom` entries returned by buildpacks in `<layers>/config/metadata.toml`. - The lifecycle SHALL record the buildpack-provided default process type in `<layers>/config/metadata.toml`. - - The lifecycle SHALL treat `web` processes defined by buildpacks implementing buildpack API < 0.6 as `default = true`. + - The lifecycle SHALL treat `web` processes defined by buildpacks implementing Buildpack API < 0.6 as `default = true`. #### `exporter` Usage: @@ -566,6 +567,9 @@ Usage: - All run-image layers SHALL be preserved - All run-image config values SHALL be preserved unless this conflicts with another requirement - MUST contain all buildpack-provided launch layers as determined by the [Buildpack Interface Specfication](buildpack.md) + - MUST contain a layer containing all buildpack-provided Software Bill of Materials (SBOM) files for `launch` as determined by the [Buildpack Interface Specfication](buildpack.md) if they are present + - `<layers>/sbom/<buildpack-id>/launch.sbom.<ext>` MUST contain the buildpack-provided `launch` SBOM + - `<layers>/sbom/<buildpack-id>/<layer-id>/launch.sbom.<ext>` MUST contain the buildpack-provided layer SBOM if `<layer-id>` is a `launch` layer - MUST contain one or more app layers as determined by the [Buildpack Interface Specfication](buildpack.md) - MUST contain one or more launcher layers that include: - A file with the contents of the `<launcher>` file at path `/cnb/lifecycle/launcher` @@ -594,8 +598,13 @@ Usage: - The lifecycle SHALL write a [report](#reporttoml-toml) to `<report>` describing the exported app image +- The `<layers>` directory: + - MUST include all buildpack-provided Software Bill of Materials (SBOM) files for `build` as determined by the [Buildpack Interface Specfication](buildpack.md) if they are present + - `<layers>/sbom/<buildpack-id>/build.sbom.<ext>` MUST contain the buildpack-provided `build` SBOM + - `<layers>/sbom/<buildpack-id>/<layer-id>/build.sbom.<ext>` MUST contain the buildpack-provided layer SBOM if `<layer-id>` is not a `launch` layer + - *If* a cache is provided the lifecycle: - - SHALL write the contents of all cached layers to the cache + - SHALL write the contents of all cached layers and any provided layer-associated SBOM files to the cache - SHALL record the diffID and layer content metadata of all cached layers in the cache #### `creator` @@ -923,10 +932,10 @@ paths = ["<app sub-path glob>"] ``` Where: -- `id`, `version`, and `api` MUST be present for each buildpack. +- `id`, `version`, and `api` MUST be present for each buildpack - `processes` contains the complete set of processes contributed by all buildpacks - `processes` contains the complete set of slice defined by all buildpacks -- `bom` contains the Bill of Materials +- `bom` contains the Bill of Materials contributed by buildpacks implementing Buildpack API < 0.7 #### `order.toml` (TOML) @@ -1009,7 +1018,7 @@ Where: - **If** the app image was exported to a docker daemon - `imageID` MUST contain the imageID - **If** the app image was the result of a build operation - - `build.bom` MUST contain any build Bill-of-Materials entries returned by participating buildpacks + - `build.bom` MUST contain any build Bill of Materials entries returned by buildpacks implementing Buildpack API < 0.7 #### `stack.toml` (TOML) @@ -1076,7 +1085,7 @@ Where: Where: - `processes` MUST contain all buildpack contributed processes - `buildpacks` MUST contain the detected group -- `bom` MUST contain the Bill of Materials +- `bom` MUST contain the Bill of Materials contributed by buildpacks implementing Buildpack API < 0.7 - `launcher.version` SHOULD contain the version of the `launcher` binary included in the app - `launcher.source.git.repository` SHOULD contain the git repository containing the `launcher` source code - `launcher.source.git.commit` SHOULD contain the git commit from which the given `launcher` was built @@ -1088,6 +1097,9 @@ Where: "app": [ {"sha": "<slice-layer-diffID>"} ], + "sbom": { + "sha": "<BOM-layer-diffID>" + }, "config": { "sha": "<config-layer-diffID>" }, @@ -1123,8 +1135,9 @@ Where: Where: - `app` MUST contain one entry per app slice layer where - `sha` MUST contain the digest of the uncompressed layer -- `config.sha` MUST the digest of the uncompressed layer containing launcher config -- `launcher.sha` MUST the digest of the uncompressed layer containing the launcher binary +- `sbom.sha` MUST contain the digest of the uncompressed layer containing buildpack-provided Software Bill of Materials +- `config.sha` MUST contain the digest of the uncompressed layer containing launcher config +- `launcher.sha` MUST contain the digest of the uncompressed layer containing the launcher binary - `buildpacks` MUST contain one entry per buildpack that participated in the build where - `key` is required and MUST contain the buildpack ID - `version` is required and MUST contain the buidpack Version