Support for OCI Registries

[nlamirault]

Hi,
according to the documentation: This operator scans all SBOMs from a git-repository for vulnerabilities using Grype

The sbom-operator could generate a SBOM and store it into an OCI-Registry.

Do you think it is possible to support OCI Registry in vulnerability-operator

[ckotzbauer]

Hi @nlamirault,
thanks for your feature-request. Yes, it is of course possible to add an OCI-Target to this project. Which information in which format do you wish to store?

[nlamirault]

i would like to do:

• the sbom-operator generate SBOM, and store it into an OCI Registry
• the vulnerability-operator load SBOM from this OCI Registry and execute a scan.

[ckotzbauer]

Okay, you want OCI-Support as source instead of as target. Yes, this might also be possible.

[github-actions]

This issue is stale because it has been open 90 days with no activity. Remove stale label with /remove-lifecycle stale or comment or this will be closed in 5 days.

[nlamirault]

any news on this feature @ckotzbauer ?

[ckotzbauer]

No, not yet. I did not forget this feature, but had no time to implement it yet.