[Suggestion] Been able to use different tools to grab the SBOM

[cmoulliard]

Suggestion

That should be interesting that the existing RHTAP "sbow-task" and its image supports different tools able to grab the SBOM and generate the output and not only cosign as by example we can only use for Buildpack the grype tool

      - name: show-sbom
        # Goal: Export from the buildpack image the SBOM files using Grype tool
        # Definition: https://github.com/tektoncd/catalog/tree/main/task/grype/0.1
        when:
          - input: $(params.enable-sbom)
            operator: in
            values: ["true"]
        params:
          - name: GRYPE_IMAGE
            value: anchore/grype:v0.65.1
          - name: ARGS
            value:
              - $(tasks.build-container.results.IMAGE_URL)
              - -o $(params.grype-sbom-format)

[brianwcook]

I'm not sure what you are trying to do here, create sbom for fetch it?

[cmoulliard]

Buildpack generatse OOTB during the build the SBOM. I'lm using the grype task here to be able to get it from the OCI image built to stdout the content as table or json or another format