Capo is a program and library to inspect the result of a buildah build and scan partial image content for better contextualization of packages in OCI image SBOMs.
It is primarily developed to be used in the Konflux CI project, to deliver more accurate OCI image SBOMs to customers.
Warning
This project is a work in progress, and its API is unstable. Until version v1.0.0 is available, the API might change on minor version increase.
To install, simply run:
go install github.com/konflux-ci/capo@latestAfter capo is installed, you can build your image using buildah and run capo.
buildah build -f Containerfile
capo --containerfile=ContainerfileWhen building an image with certain special options, these need to be passed to
capo as well. An example of these are the --target and --build-arg options:
buildah build -f Containerfile --target builder --build-arg KEY=VAL
capo --containerfile=Containerfile --target=builder --build-arg=KEY=VALFor the full list of these options, consult the usage:
capo -hThe project uses mage as a runner, to make common operations simple to run. To list available targets for the project, you can run:
mage -lIf you don't already have mage available, you can use the following command to install it:
go install github.com/magefile/mage@latestThe project also uses golangci-lint to run linters:
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/HEAD/install.sh | sh -s -- -b $(go env GOPATH)/bin v2.6.1
mage lint