|
| 1 | ++++ |
| 2 | +title="Bill of Materials" |
| 3 | +summary="A Software `Bill-of-Materials` (`BOM`) gives you a layer-by-layer view of what's inside your container in a variety of formats including `JSON`." |
| 4 | ++++ |
| 5 | + |
| 6 | +## Summary |
| 7 | + |
| 8 | +A Software **Bill-of-Materials** (`BOM`) provides information necessary to know what's inside your container and how it was constructed. |
| 9 | +Cloud Native Buildpacks provide two forms of Bill-of-Materials. |
| 10 | + |
| 11 | +1. Buildpacks can populate `BOM` information about the dependencies they have provided. |
| 12 | +2. A list of what buildpacks were used to build the application. |
| 13 | + |
| 14 | +## Adding Bill of Materials |
| 15 | + |
| 16 | +Use the following tutorial to add a `Bill-of-Materials` using buildpacks. <br/> |
| 17 | +[Adding bill of materials][adding-bill-of-materials] |
| 18 | + |
| 19 | +## Viewing Bill of Materials |
| 20 | + |
| 21 | +You can use this command to inspect your app for it's `Bill-of-Materials`. |
| 22 | + |
| 23 | +```bash |
| 24 | +pack inspect-image your-image-name --bom |
| 25 | +``` |
| 26 | + |
| 27 | +It can also be accessed by looking at the label `io.buildpacks.build.metadata`. For example, running Docker CLI, jq and using the following command. |
| 28 | + |
| 29 | +```bash |
| 30 | +docker inspect your-image-name | jq -r '.[0].Config.Labels["io.buildpacks.build.metadata"] | fromjson' |
| 31 | +``` |
| 32 | + |
| 33 | +Following is the the information listed in `io.buildpacks.build.metadata` for [Sample Java App](https://github.com/buildpacks/samples/tree/main/apps/java-maven) obtained by building the app using buildpacks and running the above command. |
| 34 | + |
| 35 | +For this output: |
| 36 | + |
| 37 | +1. `bom` is the buildpack populated bom. |
| 38 | +2. `buildpacks` is the list of buildpacks. |
| 39 | + |
| 40 | +```json |
| 41 | +{ |
| 42 | + "bom": [ |
| 43 | + { |
| 44 | + "name": "java", |
| 45 | + "metadata": { |
| 46 | + "version": "11.0.12+7" |
| 47 | + }, |
| 48 | + "buildpack": { |
| 49 | + "id": "google.java.runtime", |
| 50 | + "version": "0.9.1" |
| 51 | + } |
| 52 | + } |
| 53 | + ], |
| 54 | + "buildpacks": [ |
| 55 | + { |
| 56 | + "id": "google.java.runtime", |
| 57 | + "version": "0.9.1" |
| 58 | + }, |
| 59 | + { |
| 60 | + "id": "google.java.maven", |
| 61 | + "version": "0.9.0" |
| 62 | + }, |
| 63 | + { |
| 64 | + "id": "google.java.entrypoint", |
| 65 | + "version": "0.9.0" |
| 66 | + }, |
| 67 | + { |
| 68 | + "id": "google.utils.label", |
| 69 | + "version": "0.0.1" |
| 70 | + } |
| 71 | + ], |
| 72 | + "launcher": { |
| 73 | + "version": "0.11.1", |
| 74 | + "source": { |
| 75 | + "git": { |
| 76 | + "repository": "github.com/buildpacks/lifecycle", |
| 77 | + "commit": "75df86c" |
| 78 | + } |
| 79 | + } |
| 80 | + }, |
| 81 | + "processes": [ |
| 82 | + { |
| 83 | + "type": "web", |
| 84 | + "command": "java", |
| 85 | + "args": ["-jar", "/workspace/target/sample-0.0.1-SNAPSHOT.jar"], |
| 86 | + "direct": true, |
| 87 | + "buildpackID": "google.java.entrypoint" |
| 88 | + } |
| 89 | + ], |
| 90 | + "buildpack-default-process-type": "web" |
| 91 | +} |
| 92 | +``` |
| 93 | + |
| 94 | +[adding-bill-of-materials]: /docs/buildpack-author-guide/create-buildpack/adding-bill-of-materials/ |
0 commit comments