Skip to content

feat(build): sbom#117

Merged
asher merged 3 commits into
mainfrom
asher/sbom
Jun 26, 2026
Merged

feat(build): sbom#117
asher merged 3 commits into
mainfrom
asher/sbom

Conversation

@asher

@asher asher commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

No description provided.

github-advanced-security[bot]
github-advanced-security AI found potential problems Jun 25, 2026
View reviewed changes
Comment thread .github/workflows/release-image.yaml Fixed
@asher

asher commented Jun 25, 2026

Copy link
Copy Markdown
Contributor Author 
cosign verify-attestation --type cyclonedx --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity-regexp 'edera-dev/falco_plugin/.github/.*' ghcr.io/edera-dev/edera_falco_plugin:latest \
  2>/dev/null | jq -r '.payload' | base64 -d | jq '.predicate.components[]["bom-ref"]'
  
 "pkg:cargo/aho-corasick@1.1.4?package-id=ce77e7233108af9d"
"pkg:cargo/allocator-api2@0.2.21?package-id=1194b2777c036ed2"
"pkg:cargo/anstream@1.0.0?package-id=648fab0daf6def1e"
"pkg:cargo/anstyle@1.0.13?package-id=1c22b12a1bb1c8fb"
"pkg:cargo/anstyle-parse@1.0.0?package-id=7a067e370aa162a2"
"pkg:cargo/anstyle-query@1.1.5?package-id=95f4ac112bd2d53a"
"pkg:cargo/anyhow@1.0.102?package-id=a836cee2069bdabc"
"pkg:cargo/assert_matches@1.5.0?package-id=236ddf9990adc9ed"
"pkg:cargo/async-stream@0.3.6?package-id=46bf77fe01161020"
"pkg:cargo/async-stream-impl@0.3.6?package-id=367c8382c0c8aef2"
"pkg:cargo/async-trait@0.1.89?package-id=fad44307c60ebe8b"
"pkg:cargo/atomic-waker@1.1.2?package-id=68bfc6a3eb6d98bc"
"pkg:cargo/attribute-derive@0.10.5?package-id=03c02eb16228c9a9"
"pkg:cargo/attribute-derive-macro@0.10.5?package-id=e579717c7a8f41c9"
"pkg:cargo/axum@0.8.7?package-id=0e3d1ee476ca22ac"
"pkg:cargo/axum-core@0.5.5?package-id=6072320b7b6b1501"
"pkg:cargo/aya@0.13.1?package-id=b7f7273e384165b9"
"pkg:cargo/aya-obj@0.2.1?package-id=48d41a0ee82c868b"
"pkg:cargo/base64@0.22.1?package-id=5e1f17bc5e459f6d"
"pkg:cargo/bitflags@2.12.1?package-id=16d225220555de1d"
"pkg:cargo/bumpalo@3.19.0?package-id=027323d788e57275"
"pkg:cargo/bytes@1.11.0?package-id=fce66a9d68b99dce"
"pkg:cargo/caps@0.5.6?package-id=5df6bdd1dba80e80"
"pkg:cargo/cfg-if@1.0.4?package-id=fc1f7f09ffebef9a"
"pkg:cargo/chrono@0.4.42?package-id=4c427a07c4104e7f"
"pkg:cargo/collection_literals@1.0.3?package-id=5638f49a3b9c2807"
"pkg:cargo/colorchoice@1.0.4?package-id=f2ecca0a6c667d5d"
"pkg:cargo/core-error@0.0.0?package-id=4241133959a7fb7a"
"pkg:cargo/crc32fast@1.5.0?package-id=358586923d6dc24c"
"pkg:cargo/derive-where@1.6.0?package-id=252973f84e555143"
"pkg:cargo/displaydoc@0.2.5?package-id=1f04f6d12dc32804"
"pkg:cargo/dns-lookup@3.0.1?package-id=8f3bd0843436b66d"
"pkg:cargo/dyn-clone@1.0.20?package-id=869c49a4ea76cd85"
"pkg:cargo/edera_falco_plugin@0.0.1?package-id=00191e4618661047"
"pkg:cargo/either@1.15.0?package-id=c21554cc6b13a290"
"pkg:cargo/env_filter@1.0.0?package-id=e31b5b2de7629912"
"pkg:cargo/env_logger@0.11.10?package-id=1efb703e9cb4cf53"
"pkg:cargo/equivalent@1.0.2?package-id=81d2c7b480e53791"
"pkg:cargo/falco_event@0.5.1?package-id=dba0b52ca1e9437c"
"pkg:cargo/falco_event_derive@0.5.1?package-id=c92ed231b69043eb"
"pkg:cargo/falco_plugin@0.5.1?package-id=c20375750f8672ee"
"pkg:cargo/falco_plugin_api@0.5.1?package-id=fc419d9e5d89c19b"
"pkg:cargo/falco_plugin_derive@0.5.1?package-id=d7ab814cae03b042"
"pkg:cargo/fastrand@2.3.0?package-id=35dacdd7ff7bef58"
"pkg:cargo/fnv@1.0.7?package-id=14294036ece82c42"
"pkg:cargo/foldhash@0.1.5?package-id=e831a641d5d41b9b"
"pkg:cargo/form_urlencoded@1.2.2?package-id=7dc3d47b44d689d7"
"pkg:cargo/futures-channel@0.3.31?package-id=cc872c57fa92a876"
"pkg:cargo/futures-core@0.3.31?package-id=0dd512b0a24c3984"
"pkg:cargo/futures-io@0.3.31?package-id=07e9a705ac7f4020"
"pkg:cargo/futures-sink@0.3.31?package-id=d2b7caa0e5f15536"
"pkg:cargo/futures-task@0.3.31?package-id=ab5386c94455da16"
"pkg:cargo/futures-util@0.3.31?package-id=2c81ffb681c60136"
"pkg:cargo/getrandom@0.4.2?package-id=38273bda045881b1"
"pkg:cargo/h2@0.4.12?package-id=d3ed8b2fee978f63"
"pkg:cargo/hashbrown@0.15.5?package-id=5ff4a4d2091e862f"
"pkg:cargo/hashbrown@0.16.0?package-id=92c794df670510d3"
"pkg:cargo/heck@0.5.0?package-id=85d64e625a46e30a"
"pkg:cargo/http@1.3.1?package-id=83a8c7f842aefabd"
"pkg:cargo/http-body@1.0.1?package-id=b0df7691b9da7c09"
"pkg:cargo/http-body-util@0.1.3?package-id=eff34a3cc67fe9b8"
"pkg:cargo/httparse@1.10.1?package-id=57c52303bb6131b3"
"pkg:cargo/httpdate@1.0.3?package-id=5ec5f0893d9af593"
"pkg:cargo/hyper@1.9.0?package-id=9f7eb714c808f4e8"
"pkg:cargo/hyper-timeout@0.5.2?package-id=d19f8525c19bdfd1"
"pkg:cargo/hyper-util@0.1.20?package-id=ff6762447f89548a"
"pkg:cargo/iana-time-zone@0.1.64?package-id=817e11c6c3b7ec5d"
"pkg:cargo/icu_collections@2.1.1?package-id=ab2ee6c3a0344b98"
"pkg:cargo/icu_locale_core@2.1.1?package-id=2c04a149b36e757d"
"pkg:cargo/icu_normalizer@2.1.1?package-id=2c65e8abcbc7ef2c"
"pkg:cargo/icu_normalizer_data@2.1.1?package-id=cd384e80859383bb"
"pkg:cargo/icu_properties@2.1.1?package-id=1d10acad256ddd71"
"pkg:cargo/icu_properties_data@2.1.1?package-id=50892ee39fd44c00"
"pkg:cargo/icu_provider@2.1.1?package-id=0673c0b9ec11f7e3"
"pkg:cargo/idna@1.1.0?package-id=4c9b5cd3fbc70642"
"pkg:cargo/idna_adapter@1.2.1?package-id=a774584a4936b5dd"
"pkg:cargo/indexmap@2.12.0?package-id=e00c5cfa5bd7abca"
"pkg:cargo/interpolator@0.5.0?package-id=bd773e860206db92"
"pkg:cargo/ipnet@2.11.0?package-id=47cfe0e14192181e"
"pkg:cargo/is_terminal_polyfill@1.70.2?package-id=25e62935f5e3da94"
"pkg:cargo/itertools@0.14.0?package-id=f3b0f24b94a50a7e"
"pkg:cargo/itoa@1.0.15?package-id=827f1e7803a595df"
"pkg:cargo/jiff@0.2.23?package-id=c1c2fcf8dd17420c"
"pkg:cargo/libc@0.2.186?package-id=a1dac159a3bbda6f"
"pkg:cargo/libscap-bindings@0.0.7?package-id=ed52b9781dbf1f29"
"pkg:cargo/litemap@0.8.1?package-id=42f64476ad01148c"
"pkg:cargo/lock_api@0.4.14?package-id=2166b7d4d42ef898"
"pkg:cargo/log@0.4.30?package-id=80a28ef8a7ceb244"
"pkg:cargo/manyhow@0.11.4?package-id=e83659470c057fe4"
"pkg:cargo/manyhow-macros@0.11.4?package-id=4062d7e6e1c55ad4"
"pkg:cargo/matchit@0.8.4?package-id=ec2927cab635c040"
"pkg:cargo/memchr@2.7.6?package-id=21e772203672ee9a"
"pkg:cargo/mime@0.3.17?package-id=841c53b9efeec1cd"
"pkg:cargo/mio@1.2.0?package-id=666bdc0ff1556039"
"pkg:cargo/nix@0.30.1?package-id=b37cc3c5a13d8e05"
"pkg:cargo/nix@0.31.3?package-id=d4c62f37649d977c"
"pkg:cargo/num-derive@0.4.2?package-id=311b79b2f31cf4b2"
"pkg:cargo/num-traits@0.2.19?package-id=caa6232e8a1f395e"
"pkg:cargo/object@0.36.7?package-id=8c4525d45be15855"
"pkg:cargo/once_cell@1.21.3?package-id=97754b9b6ef421dd"
"pkg:cargo/parking_lot@0.12.5?package-id=7a8e9a43e5cfe509"
"pkg:cargo/parking_lot_core@0.9.12?package-id=7d057c99863bcf9f"
"pkg:cargo/pbjson@0.9.0?package-id=caae41b5f9de374a"
"pkg:cargo/pbjson-types@0.9.0?package-id=bb85e1188aa84428"
"pkg:cargo/percent-encoding@2.3.2?package-id=8b8bbb8216d9b887"
"pkg:cargo/phf@0.12.1?package-id=4f30273fe801a14d"
"pkg:cargo/phf_generator@0.12.1?package-id=f85298d4f92c9463"
"pkg:cargo/phf_macros@0.12.1?package-id=38fbc1be9ffa1c9c"
"pkg:cargo/phf_shared@0.12.1?package-id=52913abbe6b46427"
"pkg:cargo/pin-project@1.1.10?package-id=6b6bf6e9566777e0"
"pkg:cargo/pin-project-internal@1.1.10?package-id=340fede0b04f285d"
"pkg:cargo/pin-project-lite@0.2.17?package-id=bfbba7f69238645e"
"pkg:cargo/pin-utils@0.1.0?package-id=a4a5f9a2ee9ea8cd"
"pkg:cargo/potential_utf@0.1.4?package-id=0dfc781700bec133"
"pkg:cargo/proc-macro-utils@0.10.0?package-id=ad111f393c82fd60"
"pkg:cargo/proc-macro2@1.0.103?package-id=fd890bbcbcb3f2ad"
"pkg:cargo/prost@0.14.3?package-id=d47e02cd75339316"
"pkg:cargo/prost-derive@0.14.3?package-id=d96af3a3ce5d6f22"
"pkg:cargo/quote@1.0.42?package-id=e605c52766eed237"
"pkg:cargo/quote-use@0.8.4?package-id=d2643949a24d392e"
"pkg:cargo/quote-use-macros@0.8.4?package-id=672a2600c79e868f"
"pkg:cargo/ref-cast@1.0.25?package-id=dfdebb3ec1892213"
"pkg:cargo/ref-cast-impl@1.0.25?package-id=da70e1b4f2a70c9b"
"pkg:cargo/refcell-lock-api@0.1.0?package-id=ab3605395e01ff6e"
"pkg:cargo/regex@1.12.2?package-id=cf9d281f1cc9ec65"
"pkg:cargo/regex-automata@0.4.13?package-id=18f0bc806b5afe4b"
"pkg:cargo/regex-syntax@0.8.8?package-id=d9b63bfd9b8db65a"
"pkg:cargo/ryu@1.0.20?package-id=903fe23f152d3e5e"
"pkg:cargo/schemars@1.1.0?package-id=3a4f01154f22a5eb"
"pkg:cargo/schemars_derive@1.1.0?package-id=81c28d2c054183f8"
"pkg:cargo/scopeguard@1.2.0?package-id=5b73e71be75a7216"
"pkg:cargo/serde@1.0.228?package-id=a604055af99e4cf8"
"pkg:cargo/serde_core@1.0.228?package-id=919318304682e775"
"pkg:cargo/serde_derive@1.0.228?package-id=44d39ba2fdeb320f"
"pkg:cargo/serde_derive_internals@0.29.1?package-id=aa5216828b2203b7"
"pkg:cargo/serde_json@1.0.145?package-id=f8af7029eb445191"
"pkg:cargo/signal-hook-registry@1.4.6?package-id=5dd642bda44f576e"
"pkg:cargo/siphasher@1.0.1?package-id=a97da06b0cb86a8d"
"pkg:cargo/slab@0.4.11?package-id=6b25fab736906491"
"pkg:cargo/smallvec@1.15.1?package-id=da67c95acf0ceca6"
"pkg:cargo/socket2@0.6.3?package-id=4f044d56742eb1cf"
"pkg:cargo/stable_deref_trait@1.2.1?package-id=57672f070ce02dd1"
"pkg:cargo/strum@0.28.0?package-id=6bdf65021937d664"
"pkg:cargo/strum_macros@0.28.0?package-id=0a7fc13804eca8a1"
"pkg:cargo/syn@2.0.110?package-id=27fe2779040825bc"
"pkg:cargo/sync_wrapper@1.0.2?package-id=caec65e02e9e29ca"
"pkg:cargo/synstructure@0.13.2?package-id=82cd30fcbdace277"
"pkg:cargo/thiserror@1.0.69?package-id=dcba4d1211902022"
"pkg:cargo/thiserror@2.0.17?package-id=f0ad9447dbfeb967"
"pkg:cargo/thiserror-impl@1.0.69?package-id=b41558d6083540a9"
"pkg:cargo/thiserror-impl@2.0.17?package-id=bb687d0d43aef56f"
"pkg:cargo/tinystr@0.8.2?package-id=ae39b9eba274208e"
"pkg:cargo/tokio@1.52.3?package-id=8ce1c16166e13285"
"pkg:cargo/tokio-macros@2.7.0?package-id=113a5659014edb4f"
"pkg:cargo/tokio-stream@0.1.18?package-id=53154c05efd9df6b"
"pkg:cargo/tokio-util@0.7.17?package-id=d9b02fd207d9dfcb"
"pkg:cargo/tonic@0.14.6?package-id=6d3010bbbb18444f"
"pkg:cargo/tonic-prost@0.14.6?package-id=30f39e3198eb11df"
"pkg:cargo/tower@0.5.3?package-id=11fb2e37e9faac00"
"pkg:cargo/tower-layer@0.3.3?package-id=be0e7ac9c218da75"
"pkg:cargo/tower-service@0.3.3?package-id=30f2318abb4dda00"
"pkg:cargo/tracing@0.1.41?package-id=c8d7c9e046a8353e"
"pkg:cargo/tracing-attributes@0.1.30?package-id=a9b6e4dfb132872e"
"pkg:cargo/tracing-core@0.1.34?package-id=e358a15d228cbe60"
"pkg:cargo/try-lock@0.2.5?package-id=0e3dfe80717acc17"
"pkg:cargo/typed-path@0.11.0?package-id=4832f543a4778b5b"
"pkg:cargo/unicode-ident@1.0.22?package-id=410f7edfab3d01b7"
"pkg:cargo/url@2.5.8?package-id=56988e5cd95e547f"
"pkg:cargo/utf8_iter@1.0.4?package-id=29bdf87155496de9"
"pkg:cargo/utf8parse@0.2.2?package-id=c3b143bb22c19698"
"pkg:cargo/uuid@1.23.1?package-id=f2c036f904f914e5"
"pkg:cargo/want@0.3.1?package-id=3dbd4ac2b8433a44"
"pkg:cargo/writeable@0.6.2?package-id=5ed907f767bf8e48"
"pkg:cargo/yoke@0.8.1?package-id=dcdcaba88edbcfb7"
"pkg:cargo/yoke-derive@0.8.1?package-id=064a875bb875f0a1"
"pkg:cargo/zerofrom@0.1.6?package-id=144ccf7c83596946"
"pkg:cargo/zerofrom-derive@0.1.6?package-id=97d62d19d872f7eb"
"pkg:cargo/zerotrie@0.2.3?package-id=516624f6f5a1f917"
"pkg:cargo/zerovec@0.11.5?package-id=5ae00265dee8bc78"
"pkg:cargo/zerovec-derive@0.11.2?package-id=f6a6399edfe2b88d"

@asher asher enabled auto-merge (squash) June 25, 2026 02:33
@asher asher requested a review from bleggett June 25, 2026 02:33
github-advanced-security[bot]
github-advanced-security AI found potential problems Jun 26, 2026
View reviewed changes
Comment thread .github/workflows/release-image.yaml Dismissed
@asher asher merged commit 4da95e3 into main Jun 26, 2026
6 checks passed
@asher asher deleted the asher/sbom branch June 26, 2026 17:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bleggett bleggett bleggett approved these changes
+1 more reviewer
@github-advanced-security github-advanced-security[bot] github-advanced-security[bot] left review comments
Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@asher @bleggett @github-advanced-security