[PROPOSAL] general purpose kubernetes taxonomy KBOM #59
Comments
I like the idea in general, but ...
@jkowalleck one possibility is to put this under the cdx namespace in the same way we support maven, go, and npm today.
Thanks for the feedback. I'll follow your guidance here. I could kickstart the discussion with the kubernetes community if needed, but if you think a cdx subsection is better that's fine with us.
KSOC also has a Kubernetes taxonomy: https://github.com/ksoclabs/kbom/blob/main/docs/taxonomy.md PS: moved to https://github.com/rad-security/kbom/blob/main/docs/taxonomy.md
+1 we (Aqua Trivy) would love to collaborate on this.
just saw the title, thought this might help here:
Thanks for picking this up. I should mention that in the process of developing vulnerability scanning on top of our KBOM, we changed our KBOM to show Kubernetes components as first-class CDX components instead of as properties of other components (such as Pods).

```json
{
  "bom-ref": "pkg:k8s/k8s.io%2Fapiserver@1.21.1",
  "type": "application",
  "name": "k8s.io/apiserver",
  "version": "1.21.1",
  "purl": "pkg:k8s/k8s.io%2Fapiserver@1.21.1",
  "properties": [
    {
      "name": "aquasecurity:trivy:resource:Name",
      "value": "kube-apiserver-kind-control-plane"
    },
    {
      "name": "aquasecurity:trivy:resource:Type",
      "value": "controlPlane"
    }
  ]
}
```

We are still experimenting and might tweak this more, but this feels like a better approach for us. For now I wouldn't mind closing this issue, until there's clear motivation to reopen it. If that happens I would bring a more opinionated suggestion and backing from Kubernetes and the community.
related request in the specs:
We're working on mapping Kubernetes clusters composition as BOM (aka "KBOM"). For that, we want to use properties to designate cluster components roles, and attributes that are meaningful to understanding the cluster composition.
For example, here's a snippet from generated KBOM that describes a Kubernetes API Server component:
We're proposing to register a `kubernetes` namespace for the Kubernetes-specific metadata. As for usage, for now, we are following the Kubernetes taxonomy as defined here: https://kubernetes.io/docs/concepts/overview/components/
Which means we will add:
kubernetes:controlplane_component
kubernetes:node_component
kubernetes:addon
If this is acceptable, I'll create a PR with the namespace reservation and initial documentation.
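An added example (not code from the issue or from CycloneDX/Trivy) of how a consumer would read such a KBOM: it groups components by cluster role using either the proposed `kubernetes:*` properties or Trivy's `aquasecurity:trivy:resource:Type` property, flags components with no role (a coverage gap for scanning), and checks that `pkg:k8s` purls agree with each component's name and version. The role labels for the proposed properties and the sample KBOM are assumptions made for this example.

```python
from collections import defaultdict
from urllib.parse import quote

# Assumed normalisation of the proposed property names to a role label;
# the issue lists only the names, not how consumers should map them.
PROPOSED_ROLE_PROPERTIES = {
    "kubernetes:controlplane_component": "controlPlane",
    "kubernetes:node_component": "node",
    "kubernetes:addon": "addon",
}
TRIVY_TYPE_PROPERTY = "aquasecurity:trivy:resource:Type"

def component_role(component):
    """Return the cluster role a component is tagged with, or None if untagged."""
    for prop in component.get("properties", []):
        name = prop.get("name")
        if name in PROPOSED_ROLE_PROPERTIES:
            return PROPOSED_ROLE_PROPERTIES[name]
        if name == TRIVY_TYPE_PROPERTY:
            return prop.get("value")
    return None

def expected_k8s_purl(component):
    """pkg:k8s purl in the form shown in the thread: whole name percent-encoded."""
    return "pkg:k8s/%s@%s" % (quote(component["name"], safe=""), component["version"])

def inventory(bom):
    """Group component names by role and list pkg:k8s purls that disagree
    with the component's own name/version (generator drift breaks matching)."""
    by_role, purl_mismatches = defaultdict(list), []
    for comp in bom.get("components", []):
        by_role[component_role(comp) or "untagged"].append(comp["name"])
        purl = comp.get("purl", "")
        if purl.startswith("pkg:k8s/") and purl != expected_k8s_purl(comp):
            purl_mismatches.append(comp["name"])
    return dict(by_role), purl_mismatches

# Constructed sample KBOM: Trivy-style, proposed-style, and one untagged component.
SAMPLE_KBOM = {"bomFormat": "CycloneDX", "specVersion": "1.4", "components": [
    {"type": "application", "name": "k8s.io/apiserver", "version": "1.21.1",
     "purl": "pkg:k8s/k8s.io%2Fapiserver@1.21.1",
     "properties": [{"name": TRIVY_TYPE_PROPERTY, "value": "controlPlane"}]},
    {"type": "application", "name": "kubelet", "version": "1.21.1",
     "purl": "pkg:k8s/kubelet@1.21.0",  # deliberately stale version
     "properties": [{"name": "kubernetes:node_component", "value": "true"}]},
    {"type": "application", "name": "coredns", "version": "1.8.0",
     "properties": [{"name": "kubernetes:addon", "value": "true"}]},
    {"type": "container", "name": "nginx", "version": "1.25"},
]}
```

Running `inventory(SAMPLE_KBOM)` returns the role grouping plus `["kubelet"]` as the only purl mismatch.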