diff --git a/.github/workflows/build-oss.yml b/.github/workflows/build-oss.yml index f6a4338b7c..c22f1cba6d 100644 --- a/.github/workflows/build-oss.yml +++ b/.github/workflows/build-oss.yml @@ -134,6 +134,8 @@ jobs: push: ${{ github.event_name != 'pull_request' }} pull: true no-cache: ${{ github.event_name != 'pull_request' }} + sbom: ${{ github.event_name != 'pull_request' }} + provenance: false build-args: | BUILD_OS=${{ inputs.image }} IC_VERSION=${{ github.event_name == 'pull_request' && 'CI' || steps.meta.outputs.version }} diff --git a/.github/workflows/build-plus.yml b/.github/workflows/build-plus.yml index 78c1af77c0..ecf278c6ca 100644 --- a/.github/workflows/build-plus.yml +++ b/.github/workflows/build-plus.yml @@ -114,6 +114,8 @@ jobs: push: ${{ github.event_name != 'pull_request' }} pull: true no-cache: ${{ github.event_name != 'pull_request' }} + sbom: ${{ github.event_name != 'pull_request' }} + provenance: false build-args: | BUILD_OS=${{ inputs.image }} IC_VERSION=${{ startsWith(github.ref, 'refs/tags/') && steps.meta.outputs.version || 'CI' }} diff --git a/README.md b/README.md index 03d361ade7..00f045bfa3 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,6 @@ Read [this doc](https://docs.nginx.com/nginx-ingress-controller/intro/nginx-plus 1. See additional configuration [examples](https://github.com/nginxinc/kubernetes-ingress/tree/main/examples). 1. Learn more about all available configuration and customization in the [docs](https://docs.nginx.com/nginx-ingress-controller/). - ## NGINX Ingress Controller Releases We publish Ingress Controller releases on GitHub. See our [releases page](https://github.com/nginxinc/kubernetes-ingress/releases). 
@@ -71,6 +70,23 @@ The table below summarizes the options regarding the images, manifests, helm cha | Latest stable release | For production use | Use the 3.0.2 images from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/), [GitHub Container](https://github.com/nginxinc/kubernetes-ingress/pkgs/container/kubernetes-ingress), [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress) or [Quay.io](https://quay.io/repository/nginx/nginx-ingress) or [build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/). | Use the 3.0.2 images from the [F5 Container Registry](https://docs.nginx.com/nginx-ingress-controller/installation/pulling-ingress-controller-image/) or the [AWS Marketplace](https://aws.amazon.com/marketplace/search/?CREATOR=741df81b-dfdc-4d36-b8da-945ea66b522c&FULFILLMENT_OPTION_TYPE=CONTAINER&filters=CREATOR%2CFULFILLMENT_OPTION_TYPE) or [Build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/). | [Manifests](https://github.com/nginxinc/kubernetes-ingress/tree/v3.0.2/deployments). [Helm chart](https://github.com/nginxinc/kubernetes-ingress/tree/v3.0.2/deployments/helm-chart). | [Documentation](https://docs.nginx.com/nginx-ingress-controller/). [Examples](https://docs.nginx.com/nginx-ingress-controller/configuration/configuration-examples/). | | Edge/Nightly | For testing and experimenting | Use the edge or nightly images from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/), [GitHub Container](https://github.com/nginxinc/kubernetes-ingress/pkgs/container/kubernetes-ingress), [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress) or [Quay.io](https://quay.io/repository/nginx/nginx-ingress) or [build your own image](https://github.com/nginxinc/kubernetes-ingress/tree/main/docs/content/installation/building-ingress-controller-image.md). 
| [Build your own image](https://github.com/nginxinc/kubernetes-ingress/tree/main/docs/content/installation/building-ingress-controller-image.md). | [Manifests](https://github.com/nginxinc/kubernetes-ingress/tree/main/deployments). [Helm chart](https://github.com/nginxinc/kubernetes-ingress/tree/main/deployments/helm-chart). | [Documentation](https://github.com/nginxinc/kubernetes-ingress/tree/main/docs/content). [Examples](https://github.com/nginxinc/kubernetes-ingress/tree/main/examples). | +## SBOM (Software Bill of Materials) + +We generate SBOMs for the binaries and the Docker images. + +### Binaries + +The SBOMs for the binaries are available in the releases page. The SBOMs are generated using [syft](https://github.com/anchore/syft) and are available in SPDX format. + +### Docker Images + +The SBOMs for the Docker images are available in the [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/), [GitHub Container](https://github.com/nginxinc/kubernetes-ingress/pkgs/container/kubernetes-ingress), [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress) or [Quay.io](https://quay.io/repository/nginx/nginx-ingress) repositories. The SBOMs are generated using [syft](https://github.com/anchore/syft) and stored as an attestation in the image manifest. + +For example to retrieve the SBOM for `linux/amd64` from Docker Hub and analyze it using [grype](https://github.com/anchore/grype) you can run the following command: +``` +$ docker buildx imagetools inspect nginx/nginx-ingress:edge --format '{{ json (index .SBOM "linux/amd64").SPDX }}' | grype +``` + ## Contacts We’d like to hear your feedback! If you have any suggestions or experience issues with our Ingress Controller, please create an issue or send a pull request on GitHub. diff --git a/build/Dockerfile b/build/Dockerfile index 572289554a..f0d3dfcc30 100644 --- a/build/Dockerfile +++ b/build/Dockerfile 
@@ -1,4 +1,4 @@ -# syntax=docker/dockerfile:1.4 +# syntax=docker/dockerfile:1.5 ARG BUILD_OS=debian ARG NGINX_PLUS_VERSION=R28 ARG DOWNLOAD_TAG=edge diff --git a/tests/docker/Dockerfile b/tests/docker/Dockerfile index 96ad0ee538..b36d4c4929 100644 --- a/tests/docker/Dockerfile +++ b/tests/docker/Dockerfile @@ -1,4 +1,4 @@ -# syntax=docker/dockerfile:1.4 +# syntax=docker/dockerfile:1.5 # this is here so we can grab the latest version of kind and have dependabot keep it up to date FROM kindest/node:v1.26.0
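Review bot: in `.github/workflows/build-oss.yml` (hunk `@@ -134,6 +134,8 @@`), `provenance: false` is hard-coded with no comment explaining why, directly below an `sbom` input that is switched on for every non-pull-request build. Pushed images will therefore carry an SBOM attestation but no provenance attestation. If that is intentional, add a YAML comment above the line giving the reason. Otherwise gate it the same way as the line above, `provenance: ${{ github.event_name != 'pull_request' }}`, so both attestations follow the `push` condition.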
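Review bot: in `.github/workflows/build-plus.yml` (hunk `@@ -114,6 +114,8 @@`), `sbom` is enabled for pushed Plus images, but the README section added in this same patch lists only DockerHub, GitHub Container, Amazon ECR Public Gallery and Quay.io as places to find image SBOMs. The README table points Plus users to the F5 Container Registry and the AWS Marketplace, so the documentation should either say that SBOM attestations are attached to the Plus images there as well, or state that they are not published for Plus. The undocumented `provenance: false` here raises the same question as in `build-oss.yml`.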
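Review bot: in the README hunk `@@ -71,6 +70,23 @@`, the "### Binaries" paragraph says the SBOMs are "available in the releases page" without a link or the name of the release asset to look for. Link it the way the "NGINX Ingress Controller Releases" section already does (`[releases page](https://github.com/nginxinc/kubernetes-ingress/releases)`) and name the file. Two smaller style points in "### Docker Images": the code fence opens directly under the sentence with no blank line and no language tag, and the leading `$ ` makes the command awkward to copy; "For example to retrieve" also needs a comma after "For example".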
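Review bot: in `build/Dockerfile` and `tests/docker/Dockerfile` (both `@@ -1,4 +1,4 @@` hunks), the `# syntax=docker/dockerfile:1.5` bump is not explained anywhere in the patch, so it is unclear whether the SBOM change depends on it or whether it is an unrelated update. Say which in the commit message. Since this change is about supply-chain metadata, also consider that `docker/dockerfile:1.5` is a mutable tag resolved at build time; pinning the frontend by digest would make the build input that the SBOM describes reproducible.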