Description
Demo of SBOM report generation in Container Scanning for Trivy-based analyzers.
This contributes to the Continuous Vulnerability Scans feature by allowing components detected in container images to be ingested.
A
Hi, my name is Aditya Tiwari and I am a Senior Backend Engineer at GitLab. Today, I am going to demo generating an SBOM in container scanning. I have created this test project, where I am going to scan a Docker Alpine image in GitLab 15.11. We have introduced SBOM scanning with Trivy-based analyzers in container scanning jobs, so in a container scanning job you can go to job artifacts and browse the reports. Here you will see a new report called gl-sbom-report.cdx.json, which is an SBOM report, and it would look something like this.