What's on this page
Downloading Linkerd SBOMs for BEL
Every release of Buoyant Enterprise for Linkerd is accompanied by a Software Bill of Materials (SBOM) that lists the software components and their versions that are included in the release. SBOMs are available for each Docker image, along with Go and Rust dependencies.
Prerequisites
- Docker installed on your local machine
- Credentials to access the BEL Azure Container Registry (ACR) provided on the Buoyant portal
- ORAS CLI
- jq
Docker image SBOMs
To download SBOMs for BEL Docker images:
# Docker SBOMs
export BEL_VERSION=enterprise-2.15.2
for component in controller policy-controller proxy proxy-init; do
image=buoyant.azurecr.io/enterprise-linkerd/$component:$BEL_VERSION
sbom_digest=$(
oras discover -o json \
--artifact-type sbom/example \
$image | jq -r ".manifests[0].digest"
)
oras pull -o ./ $image@$sbom_digest
done
Go and Rust SBOMs
To download SBOMs for Go and Rust components:
export BEL_VERSION=enterprise-2.15.2
id=$(docker create buoyant.azurecr.io/cli:$BEL_VERSION --entrypoint)
docker cp $id:enterprise-linkerd.$BEL_VERSION.spdx.json enterprise-linkerd.$BEL_VERSION.spdx.json
Rust Cargo SBOMs
To download the Rust Cargo SBOMs:
id=$(docker create buoyant.azurecr.io/cli:latest --entrypoint)
sboms=$(docker export $id | tar t | grep spdx.json)
for sbom in $sboms; do
docker cp $id:$sbom $sbom
done