Software Bill of Materials (SBOM)
What is an SBOM?
A Software Bill of Materials (SBOM) is a detailed inventory that lists every component, library and dependency used to build a software application.
By documenting each component's version, origin (provenance) and relationships to other components, an SBOM provides transparency into the software supply chain.
In other words, an SBOM is something like a "recipe" for the software: it spells out all of the "ingredients" and how they are combined.
The description of each software artifact in an SBOM may include metadata such as:
- Artifact name
- Version information
- License type
- Authors
- Unique package identifiers
Why SBOMs matter
Modern software applications are often assembled from components of many different origins: open source libraries, third-party services, in-house code and so on.
This complexity can reduce visibility into vulnerabilities and make compliance harder to ensure.
An SBOM addresses these challenges by recording in detail every component an application contains.
The importance of SBOMs is particularly underscored from the following perspectives:
- Improved transparency: An SBOM clearly shows every component that makes up an application, enabling an organization to identify and assess the risks that come with third-party libraries and dependencies.
- Proactive vulnerability management: Keeping the SBOM up to date lets you quickly identify and fix vulnerabilities in the software components you use, shortening the window during which you are exposed to attack.
- Regulatory and industry-standard compliance: Many regulations and industry standards require that the software components in use be managed. An SBOM provides a clear, easily accessible record that meets that requirement.
- Faster incident response: When a security breach occurs, an SBOM lets you quickly identify the affected components and take appropriate action to minimize the damage.
SBOMs in Docker Hardened Images
Docker Hardened Images (DHI) have an SBOM built in, so every component in the image is delivered in a documented, verifiable state.
These SBOMs are cryptographically signed and can be treated as trustworthy, tamper-evident records.
This integration simplifies security audits and raises the trustworthiness of the whole supply chain.
View the SBOM of a Docker Hardened Image
To view the SBOM of a Docker Hardened Image, use the docker scout sbom command as shown below. Replace <image-name>:<tag> with the name and tag of the image you want to inspect.
$ docker scout sbom <image-name>:<tag>
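As an added example (not part of the original page and not Docker's own tooling), the following Python reads an SBOM exported as SPDX JSON, reduces each package to the metadata fields listed above, and, as a sample incident-response check, matches that inventory against a list of affected versions. The SPDX document embedded here is constructed; exporting the real one from docker scout sbom (its --format spdx option is an assumption not shown on this page) is left to the reader.

```python
import json

# Constructed SPDX 2.3 JSON fragment standing in for an exported SBOM; a real
# `docker scout sbom` document for a full image lists far more packages.
SAMPLE_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "sample-image",
    "packages": [
        {"SPDXID": "SPDXRef-Package-openssl", "name": "openssl",
         "versionInfo": "3.0.15-1~deb12u1", "licenseDeclared": "Apache-2.0",
         "supplier": "Organization: Debian",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:deb/debian/openssl@3.0.15-1~deb12u1?arch=amd64"}]},
        {"SPDXID": "SPDXRef-Package-node", "name": "node", "versionInfo": "20.19.0",
         "licenseDeclared": "MIT",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:generic/node@20.19.0"}]},
        {"SPDXID": "SPDXRef-Package-zlib1g", "name": "zlib1g", "versionInfo": "1:1.2.13.dfsg-1",
         "licenseDeclared": "Zlib", "supplier": "Organization: Debian",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:deb/debian/zlib1g@1:1.2.13.dfsg-1?arch=amd64"}]},
    ],
})


def inventory(sbom_json):
    """Reduce every SPDX package to the metadata fields the page lists:
    name, version, license, supplier (author) and the unique purl identifier."""
    rows = []
    for pkg in json.loads(sbom_json).get("packages", []):
        purl = next((ref["referenceLocator"] for ref in pkg.get("externalRefs", [])
                     if ref.get("referenceType") == "purl"), None)
        rows.append({
            "name": pkg["name"],
            "version": pkg.get("versionInfo", "NOASSERTION"),  # SPDX value for "unknown"
            "license": pkg.get("licenseDeclared", "NOASSERTION"),
            "supplier": pkg.get("supplier", "NOASSERTION"),
            "purl": purl,
        })
    return rows


def find_affected(sbom_json, affected):
    """Incident-response lookup: `affected` maps a package name to the set of
    versions named in an advisory; returns the (name, version) pairs present in
    the SBOM. The advisory data used in the test is constructed, not real."""
    return [(row["name"], row["version"]) for row in inventory(sbom_json)
            if row["version"] in affected.get(row["name"], set())]
```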
Verify the SBOM of a Docker Hardened Image
Because Docker Hardened Images ship with a signed SBOM, you can use Docker Scout to verify the SBOM's authenticity and integrity.
This lets you confirm that the SBOM has not been tampered with and that the image's contents can be trusted.
You can verify the SBOM with Docker Scout using the following command:
$ docker scout attest get <image-name>:<tag> \
  --predicate-type https://scout.docker.com/sbom/v0.1 --verify --platform <platform>
For example, to verify the SBOM of the dhi/node:20.19-debian12-fips-20250701182639 image:
$ docker scout attest get docs/dhi-node:20.19-debian12-fips-20250701182639 \
  --predicate-type https://scout.docker.com/sbom/v0.1 --verify --platform linux/amd64
Resources
For more details about SBOM attestations and Docker Build, see the SBOM attestations documentation.
To learn how to use SBOMs with Docker Scout, see Manage SBOMs in Docker Scout.