@@ -465,7 +465,8 @@ The SBOMs for the binaries are available in the releases page. The SBOMs are gen
465465
466466### Docker Image
467467
468- The SBOM for the Docker image is available in the [ DockerHub] ( https://hub.docker.com/r/nginx/nginx-prometheus-exporter ) ,
468+ The SBOM for the Docker image is available in the
469+ [ DockerHub] ( https://hub.docker.com/r/nginx/nginx-prometheus-exporter ) ,
469470[ GitHub Container registry] ( https://github.com/nginxinc/nginx-prometheus-exporter/pkgs/container/nginx-prometheus-exporter ) ,
470471[ Amazon ECR Public Gallery] ( https://gallery.ecr.aws/nginx/nginx-prometheus-exporter ) and
471472[ Quay.io] ( https://quay.io/repository/nginx/nginx-prometheus-exporter ) repositories. The SBOMs are generated using
@@ -478,6 +479,21 @@ For example to retrieve the SBOM for `linux/amd64` from Docker Hub and analyze i
478479docker buildx imagetools inspect nginx/nginx-prometheus-exporter:edge --format '{{ json (index .SBOM "linux/amd64").SPDX }}' | grype
479480```
480481
482+ ## Provenance
483+
484+ We generate provenance for the Docker image and it's available in the
485+ [ DockerHub] ( https://hub.docker.com/r/nginx/nginx-prometheus-exporter ) ,
486+ [ GitHub Container registry] ( https://github.com/nginxinc/nginx-prometheus-exporter/pkgs/container/nginx-prometheus-exporter ) ,
487+ [ Amazon ECR Public Gallery] ( https://gallery.ecr.aws/nginx/nginx-prometheus-exporter ) and
488+ [ Quay.io] ( https://quay.io/repository/nginx/nginx-prometheus-exporter ) repositories, stored as an attestation in the
489+ image manifest.
490+
491+ For example to retrieve the provenance for ` linux/amd64 ` from Docker Hub you can run the following command:
492+
493+ ``` console
494+ docker buildx imagetools inspect nginx/nginx-prometheus-exporter:edge --format '{{ json (index .Provenance "linux/amd64").SLSA }}'
495+ ```
496+
481497## Contacts
482498
483499We’d like to hear your feedback! If you have any suggestions or experience issues with the NGINX Prometheus Exporter,
0 commit comments