When building multi stage images in CI/CD with DHI bases, what recommended approach to preserve SBOMs & attestations for compliance? See example #105
Answered
by
cdupuis
godfreyowidi
asked this question in
Q&A
-
|
Beta Was this translation helpful? Give feedback.
Answered by
cdupuis
Jan 7, 2026
Replies: 1 comment
-
|
@godfreyowidi, this documentation page should help with that: https://docs.docker.com/build/metadata/attestations/sbom/#arguments It outlines how to generate SBOMs across multi stage builds. cd PS for your runtime stage I'd suggest taking a look at |
Beta Was this translation helpful? Give feedback.
0 replies
Answer selected by
cdupuis
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@godfreyowidi, this documentation page should help with that: https://docs.docker.com/build/metadata/attestations/sbom/#arguments
It outlines how to generate SBOMs across multi stage builds.
cd
PS for your runtime stage I'd suggest taking a look at
dhi.io/staticfrom https://dhi.io/catalog/static. This hasca-certs,tzdataand a non-root user already.