Presently, Paketo Buildpacks have support for SBOM generation as your app images are being built. We support generating SBOM in Syft JSON format, and some buildpacks support using CycloneDX JSON format as well. We scan applications as well as provide SBOM information for what is installed by the buildpacks themselves.
We understand that our present SBOM support is not perfect though, and it came up on the 2025 Survey that we can do better. For example, we can certainly complete support for CycloneDX JSON across all buildpacks.
In this thread, please provide any details you can share, such as...
How are you presently using Paketo buildpacks + SBOM?
What tools are you using to read SBOM? How are you consuming the generated SBOM?
Do you use other tools to generate SBOM? If so, how does Paketo compare?
What do you need out of the SBOM? What is missing from the presently generated SBOM?
Is the Paketo SBOM accurate enough for your needs? If not, what have you found lacking?
Any other use case details, comments, or concerns regarding the support.
Please try to keep feedback grounded with examples of how you're actually using the technology. We want to keep focused on the actual needs of users, as opposed to what could theoretically be done in this space.