sbom: Include predicate type as the output SBOM. (#2005)

wlynch · web-flow · commit 1a683b227173 · 2026-02-19T06:52:51.000Z
Currently we use the generator key as the format in the generated SBOM
(e.g. "spdx"). It's more useful if we can get the predicate type in the
output so we can know how to handle and parse it.
diff --git a/pkg/build/sbom.go b/pkg/build/sbom.go
@@ -129,10 +129,11 @@ func (bc *Context) GenerateImageSBOM(ctx context.Context, arch types.Architectur
 			return nil, fmt.Errorf("generating %s sbom: %w", gen.Key(), err)
 		}
 		sboms = append(sboms, types.SBOM{
-			Path:   filename,
-			Format: gen.Key(),
-			Arch:   arch.String(),
-			Digest: h,
+			Path:          filename,
+			Format:        gen.Key(),
+			PredicateType: gen.PredicateType(),
+			Arch:          arch.String(),
+			Digest:        h,
 		})
 	}
 	return sboms, nil
@@ -259,9 +260,10 @@ func GenerateIndexSBOM(ctx context.Context, o options.Options, ic types.ImageCon
 			return nil, fmt.Errorf("generating %s sbom: %w", gen.Key(), err)
 		}
 		sboms = append(sboms, types.SBOM{
-			Path:   filename,
-			Format: gen.Key(),
-			Digest: h,
+			Path:          filename,
+			Format:        gen.Key(),
+			PredicateType: gen.PredicateType(),
+			Digest:        h,
 		})
 	}
 
diff --git a/pkg/build/types/types.go b/pkg/build/types/types.go
@@ -429,10 +429,11 @@ func ParseArchitectures(in []string) []Architecture {
 }
 
 type SBOM struct {
-	Arch   string
-	Path   string
-	Format string
-	Digest v1.Hash
+	Arch          string
+	Path          string
+	Format        string
+	PredicateType string
+	Digest        v1.Hash
 }
 
 type Layering struct {
diff --git a/pkg/sbom/generator/generator.go b/pkg/sbom/generator/generator.go
@@ -25,6 +25,7 @@ import (
 type Generator interface {
 	Key() string
 	Ext() string
+	PredicateType() string
 	Generate(context.Context, *options.Options, string) error
 	GenerateIndex(*options.Options, string) error
 }
diff --git a/pkg/sbom/generator/spdx/spdx.go b/pkg/sbom/generator/spdx/spdx.go
@@ -66,6 +66,10 @@ func (sx *SPDX) Ext() string {
 	return "spdx.json"
 }
 
+func (sx *SPDX) PredicateType() string {
+	return "https://spdx.dev/Document"
+}
+
 func stringToIdentifier(in string) (out string) {
 	in = strings.ReplaceAll(in, ":", "-")
 	return validIDCharsRe.ReplaceAllStringFunc(in, func(s string) string {

Original file line number	Diff line number	Diff line change
`@@ -429,10 +429,11 @@ func ParseArchitectures(in []string) []Architecture {`
`429`	`429`	`}`
`430`	`430`
`431`	`431`	`type SBOM struct {`
`432`		`- Arch string`
`433`		`- Path string`
`434`		`- Format string`
`435`		`- Digest v1.Hash`
	`432`	`+ Arch string`
	`433`	`+ Path string`
	`434`	`+ Format string`
	`435`	`+ PredicateType string`
	`436`	`+ Digest v1.Hash`
`436`	`437`	`}`
`437`	`438`
`438`	`439`	`type Layering struct {`
Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,7 @@ import (`
`25`	`25`	`type Generator interface {`
`26`	`26`	`Key() string`
`27`	`27`	`Ext() string`
	`28`	`+ PredicateType() string`
`28`	`29`	`Generate(context.Context, *options.Options, string) error`
`29`	`30`	`GenerateIndex(*options.Options, string) error`
`30`	`31`	`}`