\u0642\u0627\u0626\u0645\u0629 \u0645\u0643\u0648\u0646\u0627\u062a \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a (Software Bill of Materials – SBOM) \u0647\u064a \u062c\u0631\u062f \u0631\u0633\u0645\u064a \u0642\u0627\u0628\u0644 \u0644\u0644\u0642\u0631\u0627\u0621\u0629 \u0622\u0644\u064a\u0627\u064b \u0644\u0643\u0644 \u0645\u0643\u0648\u0651\u0646 \u0648\u0645\u0643\u062a\u0628\u0629 \u0648\u062a\u0628\u0639\u064a\u0629 \u062a\u064f\u0634\u0643\u0651\u0644 \u062c\u0632\u0621\u0627\u064b \u0645\u0646 \u0627\u0644\u0628\u0631\u0646\u0627\u0645\u062c. \u0641\u0643\u0651\u0631 \u0641\u064a\u0647\u0627 \u0643\u0645\u0644\u0635\u0642 \u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0627\u0644\u063a\u0630\u0627\u0626\u064a\u0629 \u0644\u062a\u0637\u0628\u064a\u0642\u0643 \u2014 \u0644\u0643\u0646 \u0628\u062f\u0644\u0627\u064b \u0645\u0646 \u0627\u0644\u0633\u0639\u0631\u0627\u062a \u0627\u0644\u062d\u0631\u0627\u0631\u064a\u0629 \u0648\u0627\u0644\u0635\u0648\u062f\u064a\u0648\u0645\u060c \u0641\u0623\u0646\u062a \u062a\u0633\u0631\u062f \u0627\u0644\u062d\u0632\u0645 \u0648\u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0648\u0627\u0644\u062a\u0631\u0627\u062e\u064a\u0635 \u0648\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631.<\/p>\n
\u0627\u0646\u062a\u0642\u0644\u062a \u0642\u0648\u0627\u0626\u0645 SBOM \u0645\u0646 \u0643\u0648\u0646\u0647\u0627 \u0645\u064a\u0632\u0629 \u0627\u062e\u062a\u064a\u0627\u0631\u064a\u0629 \u0625\u0644\u0649 \u0645\u062a\u0637\u0644\u0628 \u062a\u0646\u0638\u064a\u0645\u064a \u0625\u0644\u0632\u0627\u0645\u064a. \u0647\u0646\u0627\u0643 \u0633\u064a\u0627\u0633\u062a\u0627\u0646 \u0628\u0627\u0631\u0632\u062a\u0627\u0646 \u062a\u062f\u0641\u0639\u0627\u0646 \u0646\u062d\u0648 \u062a\u0628\u0646\u0651\u064a\u0647\u0627 \u0641\u064a \u062c\u0645\u064a\u0639 \u0627\u0644\u0642\u0637\u0627\u0639\u0627\u062a:<\/p>\n
\u0635\u062f\u0631 \u0641\u064a \u0645\u0627\u064a\u0648 2021\u060c \u0648\u064a\u064f\u0644\u0632\u0645 EO 14028<\/strong> \u2014 “\u062a\u062d\u0633\u064a\u0646 \u0627\u0644\u0623\u0645\u0646 \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a \u0644\u0644\u0623\u0645\u0629” \u2014 \u0628\u0623\u0646 \u0623\u064a \u0628\u0631\u0646\u0627\u0645\u062c \u064a\u064f\u0628\u0627\u0639 \u0644\u0644\u062d\u0643\u0648\u0645\u0629 \u0627\u0644\u0641\u064a\u062f\u0631\u0627\u0644\u064a\u0629 \u0627\u0644\u0623\u0645\u0631\u064a\u0643\u064a\u0629 \u064a\u062c\u0628 \u0623\u0646 \u064a\u062a\u0636\u0645\u0646 \u0642\u0627\u0626\u0645\u0629 SBOM. \u0648\u062c\u0651\u0647 \u0627\u0644\u0623\u0645\u0631 \u0645\u0639\u0647\u062f NIST \u0644\u062a\u062d\u062f\u064a\u062f \u0627\u0644\u062d\u062f \u0627\u0644\u0623\u062f\u0646\u0649 \u0645\u0646 \u0639\u0646\u0627\u0635\u0631 SBOM\u060c \u0645\u0645\u0627 \u0623\u0633\u0641\u0631 \u0639\u0646 \u0625\u0631\u0634\u0627\u062f\u0627\u062a \u062a\u062a\u0648\u0627\u0641\u0642 \u0645\u0639 \u0645\u0639\u0627\u064a\u064a\u0631 NTIA \u0644\u0642\u0648\u0627\u0626\u0645 SBOM. \u0625\u0630\u0627 \u0643\u0627\u0646\u062a \u0645\u0624\u0633\u0633\u062a\u0643 \u062a\u0628\u064a\u0639 \u0644\u0644\u062c\u0647\u0627\u062a \u0627\u0644\u062d\u0643\u0648\u0645\u064a\u0629\u060c \u0641\u0625\u0646 \u062a\u0648\u0644\u064a\u062f SBOM \u0644\u0645 \u064a\u0639\u062f \u0627\u062e\u062a\u064a\u0627\u0631\u064a\u0627\u064b \u2014 \u0628\u0644 \u0647\u0648 \u0634\u0631\u0637 \u0623\u0633\u0627\u0633\u064a \u0644\u0644\u0645\u0634\u062a\u0631\u064a\u0627\u062a.<\/p>\n \u064a\u062a\u0637\u0644\u0628 \u0642\u0627\u0646\u0648\u0646 \u0627\u0644\u0645\u0631\u0648\u0646\u0629 \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a\u0629 \u0641\u064a \u0627\u0644\u0627\u062a\u062d\u0627\u062f \u0627\u0644\u0623\u0648\u0631\u0648\u0628\u064a<\/strong>\u060c \u0627\u0644\u0630\u064a \u062f\u062e\u0644 \u062d\u064a\u0632 \u0627\u0644\u062a\u0646\u0641\u064a\u0630 \u0641\u064a 2024\u060c \u0645\u0646 \u0627\u0644\u0645\u0635\u0646\u0651\u0639\u064a\u0646 \u0648\u0627\u0644\u0645\u0648\u0632\u0651\u0639\u064a\u0646 \u0644\u0644\u0645\u0646\u062a\u062c\u0627\u062a \u0630\u0627\u062a \u0627\u0644\u0639\u0646\u0627\u0635\u0631 \u0627\u0644\u0631\u0642\u0645\u064a\u0629 \u062a\u0642\u062f\u064a\u0645 \u0642\u0648\u0627\u0626\u0645 SBOM \u0643\u062c\u0632\u0621 \u0645\u0646 \u062a\u0642\u064a\u064a\u0645 \u0627\u0644\u0645\u0637\u0627\u0628\u0642\u0629. \u064a\u064f\u0637\u0628\u0651\u0642 \u0627\u0644\u0642\u0627\u0646\u0648\u0646 \u0639\u0644\u0649 \u0646\u0637\u0627\u0642 \u0648\u0627\u0633\u0639 \u2014 \u0645\u0646 \u0623\u062c\u0647\u0632\u0629 IoT \u0625\u0644\u0649 \u0645\u0646\u0635\u0627\u062a SaaS \u0627\u0644\u0645\u0624\u0633\u0633\u064a\u0629. \u0645\u0639 \u062a\u0635\u0627\u0639\u062f \u0627\u0644\u062c\u062f\u0627\u0648\u0644 \u0627\u0644\u0632\u0645\u0646\u064a\u0629 \u0644\u0644\u062a\u0637\u0628\u064a\u0642 \u062e\u0644\u0627\u0644 2026 \u06482027\u060c \u064a\u062c\u0628 \u0639\u0644\u0649 \u0645\u0646\u062a\u062c\u064a \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0644\u0644\u0633\u0648\u0642 \u0627\u0644\u0623\u0648\u0631\u0648\u0628\u064a\u0629 \u062f\u0645\u062c \u062a\u0648\u0644\u064a\u062f SBOM \u0641\u064a \u0639\u0645\u0644\u064a\u0627\u062a \u0627\u0644\u0628\u0646\u0627\u0621 \u0627\u0644\u062e\u0627\u0635\u0629 \u0628\u0647\u0645 \u0627\u0644\u0622\u0646.<\/p>\n \u0628\u0635\u0631\u0641 \u0627\u0644\u0646\u0638\u0631 \u0639\u0646 \u0627\u0644\u0645\u062d\u0631\u0643\u0627\u062a \u0627\u0644\u062a\u0646\u0638\u064a\u0645\u064a\u0629\u060c \u062a\u0642\u062f\u0645 \u0642\u0648\u0627\u0626\u0645 SBOM \u0641\u0648\u0627\u0626\u062f \u062a\u0634\u063a\u064a\u0644\u064a\u0629 \u0645\u0644\u0645\u0648\u0633\u0629:<\/p>\n \u0644\u0645 \u064a\u0639\u062f \u0627\u0644\u0633\u0624\u0627\u0644 \u0647\u0644<\/em> \u064a\u062c\u0628 \u062a\u0648\u0644\u064a\u062f \u0642\u0648\u0627\u0626\u0645 SBOM\u060c \u0628\u0644 \u0623\u064a \u0623\u062f\u0627\u0629<\/em> \u062a\u0633\u062a\u062e\u062f\u0645. \u0641\u064a \u0647\u0630\u0647 \u0627\u0644\u0645\u0642\u0627\u0631\u0646\u0629\u060c \u0646\u064f\u0642\u064a\u0651\u0645 \u062b\u0644\u0627\u062b \u0623\u062f\u0648\u0627\u062a \u0631\u0627\u0626\u062f\u0629 \u0645\u0641\u062a\u0648\u062d\u0629 \u0627\u0644\u0645\u0635\u062f\u0631 \u0644\u062a\u0648\u0644\u064a\u062f SBOM: Syft<\/strong> \u0648Trivy<\/strong> \u0648CycloneDX CLI<\/strong>.<\/p>\n Syft<\/a> \u0637\u0648\u0651\u0631\u062a\u0647 \u0634\u0631\u0643\u0629 Anchore<\/strong> \u0648\u0635\u064f\u0645\u0651\u0645 \u0644\u0644\u0642\u064a\u0627\u0645 \u0628\u0645\u0647\u0645\u0629 \u0648\u0627\u062d\u062f\u0629 \u0628\u0627\u0645\u062a\u064a\u0627\u0632: \u062a\u0648\u0644\u064a\u062f \u0642\u0648\u0627\u0626\u0645 SBOM \u062f\u0642\u064a\u0642\u0629 \u0648\u0634\u0627\u0645\u0644\u0629. \u0625\u0646\u0647 \u0623\u062f\u0627\u0629 SBOM \u0645\u064f\u062e\u0635\u0651\u0635\u0629\u060c \u0648\u0644\u064a\u0633 \u0645\u0627\u0633\u062d\u0627\u064b \u064a\u064f\u0646\u062a\u062c \u0642\u0648\u0627\u0626\u0645 SBOM \u0643\u0623\u062b\u0631 \u062c\u0627\u0646\u0628\u064a.<\/p>\n \u062a\u0631\u0643\u064a\u0632 Syft \u0627\u0644\u062d\u0635\u0631\u064a \u0639\u0644\u0649 \u062a\u0648\u0644\u064a\u062f SBOM \u064a\u0639\u0646\u064a \u0623\u0646\u0647 \u064a\u0645\u062a\u0644\u0643 \u0623\u0639\u0645\u0642 \u062a\u063a\u0637\u064a\u0629 \u0644\u0644\u0645\u064f\u0641\u0647\u0631\u0633\u0627\u062a \u0645\u0642\u0627\u0631\u0646\u0629 \u0628\u0623\u064a \u0623\u062f\u0627\u0629 \u0641\u064a \u0647\u0630\u0647 \u0627\u0644\u0645\u0642\u0627\u0631\u0646\u0629. \u064a\u0643\u062a\u0634\u0641 \u0645\u0643\u0648\u0646\u0627\u062a \u062a\u0641\u0648\u062a\u0647\u0627 \u0627\u0644\u0623\u062f\u0648\u0627\u062a \u0627\u0644\u0623\u062e\u0631\u0649 \u2014 \u062e\u0627\u0635\u0629 \u0627\u0644\u062d\u0632\u0645 \u0627\u0644\u062b\u0646\u0627\u0626\u064a\u0629 \u0627\u0644\u0645\u064f\u062c\u0645\u0651\u0639\u0629 \u0641\u064a \u062b\u0646\u0627\u0626\u064a\u0627\u062a Go \u0648Rust\u060c \u0648\u0627\u0644\u062a\u0628\u0639\u064a\u0627\u062a \u0627\u0644\u0645\u062a\u062f\u0627\u062e\u0644\u0629 \u062f\u0627\u062e\u0644 \u0645\u0644\u0641\u0627\u062a Java uber-jars. \u0645\u0631\u0648\u0646\u0629 \u0635\u064a\u063a \u0627\u0644\u0625\u062e\u0631\u0627\u062c \u0644\u0627 \u0645\u062b\u064a\u0644 \u0644\u0647\u0627\u060c \u0648\u064a\u062a\u0643\u0627\u0645\u0644 \u0623\u0635\u0644\u064a\u0627\u064b \u0645\u0639 \u0645\u0627\u0633\u062d \u0627\u0644\u062b\u063a\u0631\u0627\u062a Grype \u0645\u0646 Anchore.<\/p>\n \u0644\u0627 \u064a\u0642\u0648\u0645 Syft \u0628\u0641\u062d\u0635 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0628\u0646\u0641\u0633\u0647. \u062a\u062d\u062a\u0627\u062c \u0625\u0644\u0649 \u062f\u0645\u062c\u0647 \u0645\u0639 Grype<\/strong> \u0623\u0648 \u0645\u0627\u0633\u062d \u0622\u062e\u0631. \u0647\u0630\u0627 \u064a\u064f\u0639\u062f\u0651 \u0646\u0642\u0637\u0629 \u0642\u0648\u0629 \u0641\u064a \u0627\u0644\u0648\u0627\u0642\u0639 (\u0641\u0644\u0633\u0641\u0629 Unix: \u0627\u0641\u0639\u0644 \u0634\u064a\u0626\u0627\u064b \u0648\u0627\u062d\u062f\u0627\u064b \u0628\u0625\u062a\u0642\u0627\u0646)\u060c \u0644\u0643\u0646\u0647 \u064a\u0639\u0646\u064a \u0623\u062f\u0627\u0629 \u0625\u0636\u0627\u0641\u064a\u0629 \u0641\u064a \u062e\u0637 \u0627\u0644\u0625\u0646\u062a\u0627\u062c \u0627\u0644\u062e\u0627\u0635 \u0628\u0643.<\/p>\n Trivy<\/a> \u0637\u0648\u0651\u0631\u062a\u0647 \u0634\u0631\u0643\u0629 Aqua Security<\/strong> \u0648\u0628\u062f\u0623 \u0643\u0645\u0627\u0633\u062d \u062b\u063a\u0631\u0627\u062a \u0644\u0644\u062d\u0627\u0648\u064a\u0627\u062a. \u0645\u0639 \u0645\u0631\u0648\u0631 \u0627\u0644\u0648\u0642\u062a\u060c \u062a\u0637\u0648\u0651\u0631 \u0625\u0644\u0649 \u0623\u062f\u0627\u0629 \u0623\u0645\u0646\u064a\u0629 \u0634\u0627\u0645\u0644\u0629 \u062a\u064f\u0648\u0644\u0651\u062f \u0623\u064a\u0636\u0627\u064b \u0642\u0648\u0627\u0626\u0645 SBOM. \u0623\u064f\u0636\u064a\u0641\u062a \u0642\u062f\u0631\u0629 SBOM \u0643\u0648\u0636\u0639 \u0645\u0633\u062d \u0625\u0644\u0649 \u062c\u0627\u0646\u0628 \u0645\u0633\u062d \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0648\u0627\u0644\u062a\u0643\u0648\u064a\u0646\u0627\u062a \u0627\u0644\u062e\u0627\u0637\u0626\u0629 \u0648\u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0648\u0627\u0644\u062a\u0631\u0627\u062e\u064a\u0635.<\/p>\n \u0623\u0643\u0628\u0631 \u0645\u064a\u0632\u0629 \u0644\u0640 Trivy \u0647\u064a \u0628\u0646\u064a\u062a\u0647 \u0627\u0644\u0634\u0627\u0645\u0644\u0629<\/strong>. \u062b\u0646\u0627\u0626\u064a \u0648\u0627\u062d\u062f \u064a\u062a\u0639\u0627\u0645\u0644 \u0645\u0639 \u062a\u0648\u0644\u064a\u062f SBOM \u0648\u0641\u062d\u0635 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0648\u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062a\u0643\u0648\u064a\u0646\u0627\u062a \u0627\u0644\u062e\u0627\u0637\u0626\u0629 \u0648\u0645\u0633\u062d \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0648\u062a\u062d\u0644\u064a\u0644 \u0627\u0644\u062a\u0631\u0627\u062e\u064a\u0635. \u0647\u0630\u0627 \u064a\u064f\u0642\u0644\u0651\u0644 \u0645\u0646 \u062a\u0639\u0642\u064a\u062f \u0633\u0644\u0633\u0644\u0629 \u0627\u0644\u0623\u062f\u0648\u0627\u062a \u0628\u0634\u0643\u0644 \u0643\u0628\u064a\u0631. \u0648\u0647\u0648 \u0623\u064a\u0636\u0627\u064b \u0627\u0644\u0623\u062f\u0627\u0629 \u0627\u0644\u0648\u062d\u064a\u062f\u0629 \u0641\u064a \u0647\u0630\u0647 \u0627\u0644\u0645\u0642\u0627\u0631\u0646\u0629 \u0627\u0644\u062a\u064a \u064a\u0645\u0643\u0646\u0647\u0627 \u0645\u0633\u062d \u0645\u062c\u0645\u0648\u0639\u0627\u062a Kubernetes \u0648\u0627\u0644\u062d\u0633\u0627\u0628\u0627\u062a \u0627\u0644\u0633\u062d\u0627\u0628\u064a\u0629 \u0645\u0628\u0627\u0634\u0631\u0629. \u062a\u064f\u062d\u062f\u064e\u0651\u062b \u0642\u0627\u0639\u062f\u0629 \u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0628\u0634\u0643\u0644 \u0645\u062a\u0643\u0631\u0631 \u0648\u062a\u064f\u063a\u0637\u064a \u0645\u0635\u0627\u062f\u0631 \u0645\u062a\u0639\u062f\u062f\u0629 (NVD \u0648\u0627\u0633\u062a\u0634\u0627\u0631\u0627\u062a \u0627\u0644\u0628\u0627\u0626\u0639\u064a\u0646 \u0648GitHub Security Advisories).<\/p>\n \u0646\u0638\u0631\u0627\u064b \u0644\u0623\u0646 \u062a\u0648\u0644\u064a\u062f SBOM \u0641\u064a Trivy \u0647\u0648 \u0645\u064a\u0632\u0629 \u0648\u0627\u062d\u062f\u0629 \u0645\u0646 \u0628\u064a\u0646 \u0627\u0644\u0639\u062f\u064a\u062f\u060c \u0641\u0625\u0646 \u0639\u0645\u0642 \u0627\u0644\u0645\u064f\u0641\u0647\u0631\u0633\u0627\u062a \u0642\u062f \u064a\u062a\u0623\u062e\u0631 \u0639\u0646 Syft \u0641\u064a \u062d\u0627\u0644\u0627\u062a \u062e\u0627\u0635\u0629 \u2014 \u0644\u0627 \u0633\u064a\u0645\u0627 \u0641\u064a \u0627\u0644\u062a\u062d\u0644\u064a\u0644 \u0627\u0644\u062b\u0646\u0627\u0626\u064a \u0644\u062b\u0646\u0627\u0626\u064a\u0627\u062a Go\/Rust \u0627\u0644\u0645\u064f\u062c\u0645\u0651\u0639\u0629 \u0648\u0639\u0646\u0627\u0635\u0631 Java \u0627\u0644\u0645\u062a\u062f\u0627\u062e\u0644\u0629 \u0628\u0639\u0645\u0642. \u0623\u064f\u0636\u064a\u0641 \u062f\u0639\u0645 SPDX \u0644\u0627\u062d\u0642\u0627\u064b \u0628\u0639\u062f CycloneDX\u060c \u0644\u0630\u0627 \u062a\u0645\u064a\u0644 \u0645\u062e\u0631\u062c\u0627\u062a CycloneDX \u0625\u0644\u0649 \u0623\u0646 \u062a\u0643\u0648\u0646 \u0623\u0643\u062b\u0631 \u0627\u0643\u062a\u0645\u0627\u0644\u0627\u064b \u0641\u064a \u0628\u0639\u0636 \u0627\u0644\u0633\u064a\u0646\u0627\u0631\u064a\u0648\u0647\u0627\u062a. \u0627\u0644\u0637\u0628\u064a\u0639\u0629 \u0627\u0644\u0634\u0627\u0645\u0644\u0629 \u062a\u0639\u0646\u064a \u0623\u064a\u0636\u0627\u064b \u062b\u0646\u0627\u0626\u064a\u0627\u064b \u0623\u0643\u0628\u0631 \u062d\u062c\u0645\u0627\u064b \u0648\u062a\u0646\u0632\u064a\u0644\u0627\u062a \u0623\u0648\u0644\u064a\u0629 \u0623\u0637\u0648\u0644 \u0644\u0642\u0627\u0639\u062f\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a.<\/p>\n CycloneDX CLI<\/a> \u062c\u0632\u0621 \u0645\u0646 \u0645\u0634\u0631\u0648\u0639 OWASP CycloneDX<\/strong>. \u0639\u0644\u0649 \u0639\u0643\u0633 Syft \u0648Trivy\u060c \u0641\u0647\u0648 \u0644\u064a\u0633 \u0641\u064a \u0627\u0644\u0623\u0633\u0627\u0633 \u0645\u064f\u0648\u0644\u0651\u062f<\/em> SBOM \u0645\u0646 \u0627\u0644\u0634\u064a\u0641\u0631\u0629 \u0627\u0644\u0645\u0635\u062f\u0631\u064a\u0629 \u0623\u0648 \u0635\u0648\u0631 \u0627\u0644\u062d\u0627\u0648\u064a\u0627\u062a. \u0628\u0644 \u0647\u0648 \u0645\u062c\u0645\u0648\u0639\u0629 \u0623\u062f\u0648\u0627\u062a \u0644\u0645\u0639\u0627\u0644\u062c\u0629 \u0648\u062a\u062d\u0648\u064a\u0644 \u0648\u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0648\u062f\u0645\u062c \u0648\u0645\u0642\u0627\u0631\u0646\u0629<\/strong> \u0642\u0648\u0627\u0626\u0645 CycloneDX SBOM. \u064a\u062a\u0636\u0645\u0646 \u0627\u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u0628\u064a\u0626\u064a \u0627\u0644\u0623\u0648\u0633\u0639 \u0644\u0640 CycloneDX \u0625\u0636\u0627\u0641\u0627\u062a \u062a\u0648\u0644\u064a\u062f SBOM \u0627\u0644\u062e\u0627\u0635\u0629 \u0628\u0643\u0644 \u0644\u063a\u0629 (\u0645\u062b\u0644 \u0646\u0647\u062c \u0627\u0644\u062a\u0648\u0644\u064a\u062f \u0648\u0642\u062a \u0627\u0644\u0628\u0646\u0627\u0621<\/strong> \u0641\u064a \u0646\u0638\u0627\u0645 CycloneDX \u0627\u0644\u0628\u064a\u0626\u064a \u064a\u064f\u0646\u062a\u062c \u0623\u062f\u0642 \u0642\u0648\u0627\u0626\u0645 SBOM \u0644\u0623\u0646\u0647 \u064a\u062a\u0635\u0644 \u0628\u0622\u0644\u064a\u0629 \u062d\u0644 \u0627\u0644\u062a\u0628\u0639\u064a\u0627\u062a \u0627\u0644\u0641\u0639\u0644\u064a\u0629 \u0644\u0623\u062f\u0627\u0629 \u0627\u0644\u0628\u0646\u0627\u0621 \u2014 \u0648\u0644\u064a\u0633 \u0645\u0633\u062d\u0627\u064b \u0644\u0627\u062d\u0642\u0627\u064b \u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u0645\u0644\u0641\u0627\u062a. \u0642\u062f\u0631\u0629 \u0627\u0644\u062f\u0645\u062c \u0641\u064a CLI \u0644\u0627 \u062a\u064f\u0642\u062f\u0651\u0631 \u0628\u062b\u0645\u0646 \u0644\u0644\u0645\u0633\u062a\u0648\u062f\u0639\u0627\u062a \u0627\u0644\u0623\u062d\u0627\u062f\u064a\u0629 \u0648\u0628\u064f\u0646\u0649 \u0627\u0644\u062e\u062f\u0645\u0627\u062a \u0627\u0644\u0645\u0635\u063a\u0651\u0631\u0629 \u062d\u064a\u062b \u062a\u062d\u062a\u0627\u062c \u0625\u0644\u0649 \u062f\u0645\u062c \u0642\u0648\u0627\u0626\u0645 SBOM \u0644\u0643\u0644 \u062e\u062f\u0645\u0629 \u0641\u064a \u0642\u0627\u0626\u0645\u0629 SBOM \u0639\u0644\u0649 \u0645\u0633\u062a\u0648\u0649 \u0627\u0644\u0645\u0646\u062a\u062c. \u064a\u0636\u0645\u0646 \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0627\u0644\u0645\u062e\u0637\u0637 \u0623\u0646 \u0642\u0648\u0627\u0626\u0645 SBOM \u062a\u062a\u0648\u0627\u0641\u0642 \u0645\u0639 \u0627\u0644\u0645\u0648\u0627\u0635\u0641\u0627\u062a \u0642\u0628\u0644 \u0627\u0644\u062a\u0648\u0632\u064a\u0639. \u062f\u0639\u0645 VEX \u0647\u0648 \u0627\u0644\u0623\u0643\u062b\u0631 \u0646\u0636\u062c\u0627\u064b \u0641\u064a \u0647\u0630\u0627 \u0627\u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u0628\u064a\u0626\u064a.<\/p>\n \u064a\u062a\u0637\u0644\u0628 \u0646\u0647\u062c CycloneDX \u062f\u0645\u062c \u0625\u0636\u0627\u0641\u0629 \u062e\u0627\u0635\u0629 \u0628\u0643\u0644 \u0644\u063a\u0629<\/strong> \u0641\u064a \u0646\u0638\u0627\u0645 \u0627\u0644\u0628\u0646\u0627\u0621 \u0627\u0644\u062e\u0627\u0635 \u0628\u0643. \u0647\u0630\u0627 \u0639\u0645\u0644 \u0623\u0643\u062b\u0631 \u0645\u0646 \u062a\u0634\u063a\u064a\u0644 \u062b\u0646\u0627\u0626\u064a \u0648\u0627\u062d\u062f \u0639\u0644\u0649 \u0635\u0648\u0631\u0629 \u062d\u0627\u0648\u064a\u0629. CLI \u0646\u0641\u0633\u0647 \u0644\u0627 \u064a\u0645\u0633\u062d \u0627\u0644\u062d\u0627\u0648\u064a\u0627\u062a \u0623\u0648 \u0623\u0646\u0638\u0645\u0629 \u0627\u0644\u0645\u0644\u0641\u0627\u062a \u0628\u062d\u062b\u0627\u064b \u0639\u0646 \u0627\u0644\u062d\u0632\u0645 \u2014 \u062a\u062d\u062a\u0627\u062c \u0625\u0644\u0649 \u0625\u0636\u0627\u0641\u0627\u062a \u0627\u0644\u0644\u063a\u0627\u062a \u0644\u0644\u062a\u0648\u0644\u064a\u062f. \u062f\u0639\u0645 SPDX \u0645\u062d\u062f\u0648\u062f \u0645\u0642\u0627\u0631\u0646\u0629 \u0628\u0640 Syft \u0648Trivy. \u0627\u0644\u0623\u062f\u0648\u0627\u062a \u0623\u0643\u062b\u0631 \u062a\u062c\u0632\u0624\u0627\u064b (CLI + \u0625\u0636\u0627\u0641\u0627\u062a \u0645\u062a\u0639\u062f\u062f\u0629) \u0645\u0642\u0627\u0628\u0644 \u062b\u0646\u0627\u0626\u064a \u0648\u0627\u062d\u062f.<\/p>\n \u062f\u0642\u0629 SBOM \u0647\u064a \u0623\u0647\u0645 \u0639\u0627\u0645\u0644 \u062a\u0645\u064a\u064a\u0632. \u0642\u0627\u0626\u0645\u0629 SBOM \u063a\u064a\u0631 \u0645\u0643\u062a\u0645\u0644\u0629 \u0623\u0633\u0648\u0623 \u0645\u0646 \u0639\u062f\u0645 \u0648\u062c\u0648\u062f \u0642\u0627\u0626\u0645\u0629 SBOM \u2014 \u0641\u0647\u064a \u062a\u0645\u0646\u062d \u062b\u0642\u0629 \u0632\u0627\u0626\u0641\u0629.<\/p>\n \u0625\u0636\u0627\u0641\u0627\u062a CycloneDX \u0648\u0642\u062a \u0627\u0644\u0628\u0646\u0627\u0621<\/strong> \u062a\u062a\u0641\u0648\u0642 \u0641\u064a \u0627\u0644\u062f\u0642\u0629 \u0644\u0633\u0628\u0628 \u0648\u0627\u0636\u062d: \u0641\u0647\u064a \u062a\u062a\u0635\u0644 \u0628\u0645\u064f\u062d\u0644\u0651\u0644 \u0645\u062f\u064a\u0631 \u0627\u0644\u062d\u0632\u0645 \u0623\u062b\u0646\u0627\u0621 \u0627\u0644\u0628\u0646\u0627\u0621. \u0639\u0646\u062f\u0645\u0627 \u064a\u0639\u0645\u0644 Syft<\/strong> \u064a\u0623\u062a\u064a \u062b\u0627\u0646\u064a\u0627\u064b. \u0628\u0646\u064a\u0629 \u0627\u0644\u0645\u064f\u0641\u0647\u0631\u0633\u0627\u062a \u0645\u064f\u0639\u062f\u0651\u0629 \u062e\u0635\u064a\u0635\u0627\u064b \u0644\u062a\u062d\u0644\u064a\u0644 \u0645\u0644\u0641\u0627\u062a \u0627\u0644\u0642\u0641\u0644 \u0648\u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0648\u0635\u0641\u064a\u0629 \u0648\u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0648\u0635\u0641\u064a\u0629 \u0627\u0644\u062b\u0646\u0627\u0626\u064a\u0629 \u0628\u062f\u0642\u0629 \u0639\u0627\u0644\u064a\u0629. \u064a\u062a\u0641\u0648\u0642 Syft \u0641\u064a \u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u0645\u0643\u0648\u0646\u0627\u062a \u0627\u0644\u062a\u064a \u062a\u0641\u0648\u062a\u0647\u0627 \u0627\u0644\u0623\u062f\u0648\u0627\u062a \u0627\u0644\u0623\u062e\u0631\u0649 \u2014 \u062e\u0627\u0635\u0629 \u062b\u0646\u0627\u0626\u064a\u0627\u062a Go (\u0627\u0644\u062a\u064a \u062a\u064f\u0636\u0645\u0651\u0646 \u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0627\u0644\u0648\u062d\u062f\u0627\u062a)\u060c \u0648\u062b\u0646\u0627\u0626\u064a\u0627\u062a Rust\u060c \u0648\u0645\u0644\u0641\u0627\u062a Java uber-jars \u0630\u0627\u062a \u0627\u0644\u062a\u0628\u0639\u064a\u0627\u062a \u0627\u0644\u0645\u064f\u0636\u0645\u0651\u0646\u0629.<\/p>\n Trivy<\/strong> \u062c\u064a\u062f \u062c\u062f\u0627\u064b \u0644\u0645\u0639\u0638\u0645 \u062d\u0627\u0644\u0627\u062a \u0627\u0644\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0644\u0643\u0646\u0647 \u0642\u062f \u064a\u0641\u0648\u0651\u062a \u062d\u0627\u0644\u0627\u062a \u062e\u0627\u0635\u0629 \u0641\u064a \u0627\u0644\u062a\u062d\u0644\u064a\u0644 \u0627\u0644\u062b\u0646\u0627\u0626\u064a. \u0642\u0648\u062a\u0647 \u0641\u064a \u0627\u0644\u0627\u062a\u0633\u0627\u0639 \u2014 \u064a\u064f\u063a\u0637\u064a \u0623\u0646\u0648\u0627\u0639 \u0645\u0635\u0627\u062f\u0631 \u0623\u0643\u062b\u0631 (Kubernetes \u0648\u0627\u0644\u0633\u062d\u0627\u0628\u0629) \u062d\u062a\u0649 \u0644\u0648 \u0643\u0627\u0646 \u0627\u0644\u0639\u0645\u0642 \u0644\u0643\u0644 \u0645\u0635\u062f\u0631 \u0623\u0642\u0644 \u0642\u0644\u064a\u0644\u0627\u064b \u0645\u0646 Syft \u0641\u064a \u0628\u0639\u0636 \u0627\u0644\u0633\u064a\u0646\u0627\u0631\u064a\u0648\u0647\u0627\u062a.<\/p>\n \u062a\u062a\u0643\u0627\u0645\u0644 \u062c\u0645\u064a\u0639 \u0627\u0644\u0623\u062f\u0648\u0627\u062a \u0627\u0644\u062b\u0644\u0627\u062b \u0645\u0639 \u062e\u0637\u0648\u0637 \u0625\u0646\u062a\u0627\u062c CI\/CD\u060c \u0644\u0643\u0646 \u0623\u0646\u0645\u0627\u0637 \u0627\u0644\u062a\u0643\u0627\u0645\u0644 \u062a\u062e\u062a\u0644\u0641 \u0628\u0634\u0643\u0644 \u0643\u0628\u064a\u0631:<\/p>\n \u064a\u0648\u0641\u0631 Syft GitHub Action<\/strong> \u0631\u0633\u0645\u064a ( \u064a\u0648\u0641\u0631 Trivy \u0623\u0648\u0633\u0639 \u0633\u0637\u062d \u062a\u0643\u0627\u0645\u0644 \u0645\u0639 CI\/CD: GitHub Action<\/strong> ( \u064a\u062a\u0637\u0644\u0628 \u062a\u0643\u0627\u0645\u0644 CycloneDX \u0625\u0636\u0627\u0641\u0629 \u0627\u0644\u0625\u0636\u0627\u0641\u0629 \u0627\u0644\u0645\u0646\u0627\u0633\u0628\u0629 \u0644\u0644\u063a\u0629<\/strong> \u0625\u0644\u0649 \u062a\u0643\u0648\u064a\u0646 \u0627\u0644\u0628\u0646\u0627\u0621 \u0627\u0644\u062e\u0627\u0635 \u0628\u0643. \u0644\u0640 Maven\u060c \u062a\u0636\u064a\u0641 \u0627\u0644\u0625\u0636\u0627\u0641\u0629 \u0625\u0644\u0649 POM. \u0644\u0640 npm\u060c \u062a\u0636\u064a\u0641 \u0633\u0643\u0631\u064a\u0628\u062a \u064a\u0633\u062a\u062f\u0639\u064a \u0639\u0645\u0644\u064a\u0627\u064b\u060c \u062a\u062c\u0645\u0639 \u0627\u0644\u0639\u062f\u064a\u062f \u0645\u0646 \u0627\u0644\u0645\u0624\u0633\u0633\u0627\u062a \u0627\u0644\u0646\u0627\u0636\u062c\u0629 \u0628\u064a\u0646 \u0647\u0630\u0647 \u0627\u0644\u0623\u062f\u0648\u0627\u062a. \u0625\u0644\u064a\u0643 \u0646\u0645\u0637 \u062e\u0637 \u0625\u0646\u062a\u0627\u062c \u064a\u0633\u062a\u0641\u064a\u062f \u0645\u0646 \u0646\u0642\u0627\u0637 \u0642\u0648\u0629 \u0643\u0644 \u0645\u0646\u0647\u0627:<\/p>\n \u064a\u062d\u0642\u0642 \u062e\u0637 \u0627\u0644\u0625\u0646\u062a\u0627\u062c \u0647\u0630\u0627 \u0623\u0641\u0636\u0644 \u0645\u0627 \u0641\u064a \u062c\u0645\u064a\u0639 \u0627\u0644\u0639\u0648\u0627\u0644\u0645: \u062a\u0648\u0641\u0631 \u0625\u0636\u0627\u0641\u0627\u062a CycloneDX \u062f\u0642\u0629 \u0648\u0642\u062a \u0627\u0644\u0628\u0646\u0627\u0621\u060c \u0648\u064a\u064f\u0636\u064a\u0641 Syft \u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062d\u0632\u0645 \u0639\u0644\u0649 \u0645\u0633\u062a\u0648\u0649 \u0627\u0644\u062d\u0627\u0648\u064a\u0629\u060c \u0648\u064a\u062f\u0645\u062c CycloneDX CLI \u0642\u0648\u0627\u0626\u0645 SBOM \u0627\u0644\u0645\u064f\u062f\u0645\u062c\u0629 \u0648\u064a\u062a\u062d\u0642\u0642 \u0645\u0646\u0647\u0627\u060c \u0648\u064a\u0641\u062d\u0635 Trivy \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0643\u0628\u0648\u0627\u0628\u0629 \u062c\u0648\u062f\u0629\u060c \u0648\u064a\u0648\u0641\u0631 cosign \u0627\u0644\u062a\u0635\u062f\u064a\u0642 \u0627\u0644\u062a\u0634\u0641\u064a\u0631\u064a.<\/p>\n \u0627\u0644\u0633\u0631\u0639\u0629 \u0645\u0647\u0645\u0629 \u0641\u064a \u062e\u0637\u0648\u0637 \u0625\u0646\u062a\u0627\u062c CI\/CD \u062d\u064a\u062b \u0644\u0643\u0644 \u062f\u0642\u064a\u0642\u0629 \u0645\u0646 \u0648\u0642\u062a \u0627\u0644\u0628\u0646\u0627\u0621 \u062a\u0643\u0644\u0641\u0629:<\/p>\n SBOM \u063a\u064a\u0631 \u0645\u0648\u0642\u0651\u0639 \u0647\u0648 \u0645\u0633\u062a\u0646\u062f “\u062b\u0642 \u0628\u064a”. \u0644\u0643\u064a \u064a\u0643\u0648\u0646 \u0644\u0642\u0648\u0627\u0626\u0645 SBOM \u0642\u064a\u0645\u0629 \u062d\u0642\u064a\u0642\u064a\u0629 \u0641\u064a \u0623\u0645\u0646 \u0633\u0644\u0633\u0644\u0629 \u0627\u0644\u062a\u0648\u0631\u064a\u062f\u060c \u064a\u062c\u0628 \u0623\u0646 \u062a\u0643\u0648\u0646 \u0645\u0648\u0642\u0651\u0639\u0629 \u062a\u0634\u0641\u064a\u0631\u064a\u0627\u064b \u0648\u0645\u0631\u062a\u0628\u0637\u0629 \u0628\u0627\u0644\u0639\u0646\u0635\u0631 \u0627\u0644\u0630\u064a \u062a\u0635\u0641\u0647.<\/p>\n Syft + cosign<\/strong> \u0647\u0648 \u0633\u064a\u0631 \u0639\u0645\u0644 \u0627\u0644\u062a\u0635\u062f\u064a\u0642 \u0627\u0644\u0623\u0643\u062b\u0631 \u0646\u0636\u062c\u0627\u064b. \u0627\u0633\u062a\u062b\u0645\u0631\u062a Anchore \u0628\u0643\u062b\u0627\u0641\u0629 \u0641\u064a \u062f\u0639\u0645 \u062a\u0635\u062f\u064a\u0642\u0627\u062a SLSA \u0648in-toto\u060c \u0648\u0635\u064f\u0645\u0651\u0645\u062a \u0645\u062e\u0631\u062c\u0627\u062a Syft \u0644\u062a\u064f\u063a\u0630\u0651\u064a Trivy<\/strong> \u064a\u062f\u0639\u0645 \u0627\u0644\u062a\u0635\u062f\u064a\u0642 \u0627\u0644\u0645\u0628\u0646\u064a \u0639\u0644\u0649 cosign \u0648\u064a\u0645\u0643\u0646\u0647 \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0627\u0644\u062a\u0635\u062f\u064a\u0642\u0627\u062a \u0627\u0644\u0645\u0648\u062c\u0648\u062f\u0629. \u0645\u062e\u0631\u062c\u0627\u062a CycloneDX<\/strong> \u064a\u062f\u0639\u0645 BOM-Link\u060c \u0627\u0644\u0630\u064a \u064a\u0648\u0641\u0631 \u0622\u0644\u064a\u0629 \u0631\u0628\u0637 \u0642\u0627\u0626\u0645\u0629 \u0639\u0644\u0649 URI \u0628\u064a\u0646 \u0642\u0648\u0627\u0626\u0645 SBOM \u0648\u0627\u0644\u0639\u0646\u0627\u0635\u0631 \u0627\u0644\u062a\u064a \u062a\u0635\u0641\u0647\u0627. \u0645\u0639 Sigstore \u0623\u0648 in-toto\u060c \u064a\u0646\u0634\u0626 \u0647\u0630\u0627 \u0633\u0644\u0633\u0644\u0629 \u0642\u0627\u0628\u0644\u0629 \u0644\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0627\u0644\u0645\u0635\u062f\u0631 \u0625\u0644\u0649 \u0627\u0644\u0646\u0634\u0631.<\/p>\n \u0644\u0627 \u062a\u0648\u062c\u062f \u0623\u062f\u0627\u0629 SBOM \u0648\u0627\u062d\u062f\u0629 “\u0623\u0641\u0636\u0644” \u2014 \u0627\u0644\u0627\u062e\u062a\u064a\u0627\u0631 \u0627\u0644\u0635\u062d\u064a\u062d \u064a\u0639\u062a\u0645\u062f \u0639\u0644\u0649 \u0627\u062d\u062a\u064a\u0627\u062c\u0627\u062a\u0643 \u0627\u0644\u0645\u062d\u062f\u062f\u0629. \u0644\u0623\u0639\u0645\u0642 \u062a\u0648\u0644\u064a\u062f SBOM\u060c Syft<\/strong> \u0647\u0648 \u0627\u0644\u0645\u0639\u064a\u0627\u0631 \u0627\u0644\u0630\u0647\u0628\u064a. \u0644\u0644\u0628\u0633\u0627\u0637\u0629 \u0627\u0644\u0634\u0627\u0645\u0644\u0629\u060c Trivy<\/strong> \u064a\u064f\u0642\u0644\u0651\u0644 \u062a\u0639\u0642\u064a\u062f \u0633\u0644\u0633\u0644\u0629 \u0627\u0644\u0623\u062f\u0648\u0627\u062a \u0628\u0634\u0643\u0644 \u0643\u0628\u064a\u0631. \u0644\u062f\u0642\u0629 \u0648\u0642\u062a \u0627\u0644\u0628\u0646\u0627\u0621 \u0648\u0625\u062f\u0627\u0631\u0629 \u062f\u0648\u0631\u0629 \u062d\u064a\u0627\u0629 SBOM\u060c \u0646\u0638\u0627\u0645 CycloneDX \u0627\u0644\u0628\u064a\u0626\u064a<\/strong> \u0644\u0627 \u0645\u062b\u064a\u0644 \u0644\u0647.<\/p>\n \u0623\u0642\u0648\u0649 \u0646\u0647\u062c \u0647\u0648 \u0627\u0644\u062c\u0645\u0639 \u0628\u064a\u0646\u0647\u0627: \u0627\u0633\u062a\u062e\u062f\u0645 \u0625\u0636\u0627\u0641\u0627\u062a CycloneDX \u0648\u0642\u062a \u0627\u0644\u0628\u0646\u0627\u0621 \u0644\u0623\u0642\u0635\u0649 \u062f\u0642\u0629\u060c \u0648Syft \u0644\u0627\u0643\u062a\u0634\u0627\u0641 \u0645\u0633\u062a\u0648\u0649 \u0627\u0644\u062d\u0627\u0648\u064a\u0629\u060c \u0648CycloneDX CLI \u0644\u0644\u062f\u0645\u062c \u0648\u0627\u0644\u062a\u062d\u0642\u0642\u060c \u0648Trivy \u0644\u0641\u062d\u0635 \u0627\u0644\u062b\u063a\u0631\u0627\u062a. \u0623\u0636\u0641 \u062a\u0635\u062f\u064a\u0642 cosign \u0641\u0648\u0642 \u0630\u0644\u0643\u060c \u0648\u0633\u062a\u062d\u0635\u0644 \u0639\u0644\u0649 \u062e\u0637 \u0625\u0646\u062a\u0627\u062c SBOM \u0628\u0645\u0633\u062a\u0648\u0649 \u0627\u0644\u0625\u0646\u062a\u0627\u062c \u064a\u064f\u0644\u0628\u0651\u064a EO 14028 \u0648\u0642\u0627\u0646\u0648\u0646 CRA \u0627\u0644\u0623\u0648\u0631\u0648\u0628\u064a \u0648\u0627\u062d\u062a\u064a\u0627\u062c\u0627\u062a\u0643 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u062a\u0634\u063a\u064a\u0644\u064a\u0629.<\/p>\n \u0645\u0633\u062a\u0639\u062f \u0644\u0628\u0646\u0627\u0621 \u062e\u0637 \u0627\u0644\u0625\u0646\u062a\u0627\u062c \u0647\u0630\u0627 \u0639\u0645\u0644\u064a\u0627\u064b\u061f \u0627\u0637\u0651\u0644\u0639 \u0639\u0644\u0649 \u0645\u062e\u062a\u0628\u0631 SBOM<\/a> \u0644\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0634\u0631\u062d \u062e\u0637\u0648\u0629 \u0628\u062e\u0637\u0648\u0629 \u0645\u0639 \u0635\u0648\u0631 \u062d\u0627\u0648\u064a\u0627\u062a \u062d\u0642\u064a\u0642\u064a\u0629 \u0648\u0642\u0648\u0627\u0644\u0628 CI\/CD.<\/p>\n","protected":false},"excerpt":{"rendered":" \u0644\u0645\u0627\u0630\u0627 \u062a\u064f\u0639\u062f\u0651 \u0642\u0648\u0627\u0626\u0645 SBOM \u0645\u0647\u0645\u0629: \u0627\u0644\u0636\u0631\u0648\u0631\u0629 \u0627\u0644\u062a\u0646\u0638\u064a\u0645\u064a\u0629 \u0648\u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0642\u0627\u0626\u0645\u0629 \u0645\u0643\u0648\u0646\u0627\u062a \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a (Software Bill of Materials – SBOM) \u0647\u064a \u062c\u0631\u062f \u0631\u0633\u0645\u064a \u0642\u0627\u0628\u0644 \u0644\u0644\u0642\u0631\u0627\u0621\u0629 \u0622\u0644\u064a\u0627\u064b \u0644\u0643\u0644 \u0645\u0643\u0648\u0651\u0646 \u0648\u0645\u0643\u062a\u0628\u0629 \u0648\u062a\u0628\u0639\u064a\u0629 \u062a\u064f\u0634\u0643\u0651\u0644 \u062c\u0632\u0621\u0627\u064b \u0645\u0646 \u0627\u0644\u0628\u0631\u0646\u0627\u0645\u062c. \u0641\u0643\u0651\u0631 \u0641\u064a\u0647\u0627 \u0643\u0645\u0644\u0635\u0642 \u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0627\u0644\u063a\u0630\u0627\u0626\u064a\u0629 \u0644\u062a\u0637\u0628\u064a\u0642\u0643 \u2014 \u0644\u0643\u0646 \u0628\u062f\u0644\u0627\u064b \u0645\u0646 \u0627\u0644\u0633\u0639\u0631\u0627\u062a \u0627\u0644\u062d\u0631\u0627\u0631\u064a\u0629 \u0648\u0627\u0644\u0635\u0648\u062f\u064a\u0648\u0645\u060c \u0641\u0623\u0646\u062a \u062a\u0633\u0631\u062f \u0627\u0644\u062d\u0632\u0645 \u0648\u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0648\u0627\u0644\u062a\u0631\u0627\u062e\u064a\u0635 \u0648\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631. \u0627\u0646\u062a\u0642\u0644\u062a \u0642\u0648\u0627\u0626\u0645 SBOM \u0645\u0646 … \u0627\u0642\u0631\u0623 \u0627\u0644\u0645\u0632\u064a\u062f<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26,66,27,62],"tags":[],"post_folder":[],"class_list":{"0":"post-806","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"hentry","6":"category-ci-cd-security","8":"category-software-supply-chain"},"_links":{"self":[{"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/posts\/806","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/comments?post=806"}],"version-history":[{"count":1,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/posts\/806\/revisions"}],"predecessor-version":[{"id":859,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/posts\/806\/revisions\/859"}],"wp:attachment":[{"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/media?parent=806"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/categories?post=806"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/tags?post=806"},{"taxonomy":"post_folder","embeddable":true,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/post_folder?post=806"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\u0642\u0627\u0646\u0648\u0646 \u0627\u0644\u0645\u0631\u0648\u0646\u0629 \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a\u0629 \u0641\u064a \u0627\u0644\u0627\u062a\u062d\u0627\u062f \u0627\u0644\u0623\u0648\u0631\u0648\u0628\u064a (CRA)<\/h3>\n
\u0645\u0627 \u0648\u0631\u0627\u0621 \u0627\u0644\u0627\u0645\u062a\u062b\u0627\u0644: \u0627\u0644\u0642\u064a\u0645\u0629 \u0627\u0644\u062a\u0634\u063a\u064a\u0644\u064a\u0629<\/h3>\n
\n
Syft: \u0645\u064f\u0648\u0644\u0651\u062f SBOM \u0627\u0644\u0645\u064f\u062e\u0635\u0651\u0635 \u0645\u0646 Anchore<\/h2>\n
\u0627\u0644\u0642\u062f\u0631\u0627\u062a \u0627\u0644\u0631\u0626\u064a\u0633\u064a\u0629<\/h3>\n
\n
cosign<\/code> \u0648in-toto<\/code>. \u064a\u0645\u0643\u0646\u0643 \u062a\u0648\u062c\u064a\u0647 \u0645\u062e\u0631\u062c\u0627\u062a SBOM \u0645\u0646 Syft \u0645\u0628\u0627\u0634\u0631\u0629 \u0625\u0644\u0649 cosign attest<\/code> \u0644\u0625\u0646\u062a\u0627\u062c \u062a\u0635\u062f\u064a\u0642\u0627\u062a SBOM \u0645\u0648\u0642\u0651\u0639\u0629.<\/li>\n<\/ul>\n\u0646\u0642\u0627\u0637 \u0627\u0644\u0642\u0648\u0629<\/h3>\n
\u0627\u0644\u0642\u064a\u0648\u062f<\/h3>\n
\u0623\u0645\u062b\u0644\u0629 \u0639\u0644\u0649 \u0627\u0644\u0627\u0633\u062a\u062e\u062f\u0627\u0645<\/h3>\n
# Generate CycloneDX SBOM from a container image\nsyft packages registry.example.com\/myapp:latest -o cyclonedx-json > sbom.cdx.json\n\n# Generate SPDX SBOM from a local directory\nsyft dir:\/path\/to\/source -o spdx-json > sbom.spdx.json\n\n# Attest the SBOM with cosign\ncosign attest --predicate sbom.cdx.json --type cyclonedx my-image:latest<\/code><\/pre>\nTrivy: \u0627\u0644\u0645\u0627\u0633\u062d \u0627\u0644\u0634\u0627\u0645\u0644 \u0645\u0646 Aqua Security \u0645\u0639 \u0648\u0636\u0639 SBOM<\/h2>\n
\u0627\u0644\u0642\u062f\u0631\u0627\u062a \u0627\u0644\u0631\u0626\u064a\u0633\u064a\u0629<\/h3>\n
\n
trivy image --format cosign-vuln<\/code>\u060c \u0648\u064a\u062a\u0643\u0627\u0645\u0644 \u0645\u0639 cosign \u0644\u0633\u064a\u0631 \u0639\u0645\u0644 \u062a\u0635\u062f\u064a\u0642 SBOM.<\/li>\n<\/ul>\n\u0646\u0642\u0627\u0637 \u0627\u0644\u0642\u0648\u0629<\/h3>\n
\u0627\u0644\u0642\u064a\u0648\u062f<\/h3>\n
\u0623\u0645\u062b\u0644\u0629 \u0639\u0644\u0649 \u0627\u0644\u0627\u0633\u062a\u062e\u062f\u0627\u0645<\/h3>\n
# Generate CycloneDX SBOM from a container image\ntrivy image --format cyclonedx --output sbom.cdx.json registry.example.com\/myapp:latest\n\n# Generate SPDX SBOM from a filesystem\ntrivy fs --format spdx-json --output sbom.spdx.json \/path\/to\/source\n\n# Scan an existing SBOM for vulnerabilities\ntrivy sbom sbom.cdx.json\n\n# Combined: generate SBOM + scan in one pass\ntrivy image --format json --list-all-pkgs registry.example.com\/myapp:latest<\/code><\/pre>\nCycloneDX CLI: \u0645\u062c\u0645\u0648\u0639\u0629 \u0623\u062f\u0648\u0627\u062a SBOM \u0627\u0644\u0623\u0635\u0644\u064a\u0629 \u0645\u0646 OWASP<\/h2>\n
cyclonedx-maven-plugin<\/code> \u0648cyclonedx-npm<\/code> \u0648cyclonedx-gomod<\/code>) \u0627\u0644\u062a\u064a \u062a\u064f\u0646\u062a\u062c \u0642\u0648\u0627\u0626\u0645 SBOM \u0623\u062b\u0646\u0627\u0621 \u0639\u0645\u0644\u064a\u0629 \u0627\u0644\u0628\u0646\u0627\u0621 \u0646\u0641\u0633\u0647\u0627.<\/p>\n\u0627\u0644\u0642\u062f\u0631\u0627\u062a \u0627\u0644\u0631\u0626\u064a\u0633\u064a\u0629<\/h3>\n
\n
\u0646\u0642\u0627\u0637 \u0627\u0644\u0642\u0648\u0629<\/h3>\n
\u0627\u0644\u0642\u064a\u0648\u062f<\/h3>\n
\u0623\u0645\u062b\u0644\u0629 \u0639\u0644\u0649 \u0627\u0644\u0627\u0633\u062a\u062e\u062f\u0627\u0645<\/h3>\n
# Generate SBOM during Maven build\nmvn org.cyclonedx:cyclonedx-maven-plugin:makeBom\n\n# Generate SBOM from npm project\nnpx @cyclonedx\/cyclonedx-npm --output-file sbom.cdx.json\n\n# Merge multiple SBOMs\ncyclonedx merge --input-files sbom-api.cdx.json sbom-frontend.cdx.json --output-file product-sbom.cdx.json\n\n# Validate an SBOM against the schema\ncyclonedx validate --input-file sbom.cdx.json --fail-on-errors\n\n# Diff two SBOMs to see what changed between releases\ncyclonedx diff --from v1-sbom.cdx.json --to v2-sbom.cdx.json<\/code><\/pre>\n\u062c\u062f\u0648\u0644 \u0627\u0644\u0645\u0642\u0627\u0631\u0646\u0629 \u0627\u0644\u0645\u0628\u0627\u0634\u0631\u0629<\/h2>\n
\n\n
\n \n\u0627\u0644\u0645\u064a\u0632\u0629<\/th>\n Syft<\/th>\n Trivy<\/th>\n CycloneDX CLI + \u0627\u0644\u0625\u0636\u0627\u0641\u0627\u062a<\/th>\n<\/tr>\n<\/thead>\n \n \u0627\u0644\u063a\u0631\u0636 \u0627\u0644\u0623\u0633\u0627\u0633\u064a<\/strong><\/td>\n \u062a\u0648\u0644\u064a\u062f SBOM<\/td>\n \u0645\u0627\u0633\u062d \u0623\u0645\u0646\u064a \u0634\u0627\u0645\u0644<\/td>\n \u0645\u0639\u0627\u0644\u062c\u0629 SBOM + \u0627\u0644\u062a\u0648\u0644\u064a\u062f \u0648\u0642\u062a \u0627\u0644\u0628\u0646\u0627\u0621<\/td>\n<\/tr>\n \n \u0645\u062e\u0631\u062c\u0627\u062a SPDX<\/strong><\/td>\n JSON \u0648tag-value (\u0645\u0645\u062a\u0627\u0632)<\/td>\n JSON (\u062c\u064a\u062f)<\/td>\n \u062a\u062d\u0648\u064a\u0644 \u0645\u062d\u062f\u0648\u062f \u0641\u0642\u0637<\/td>\n<\/tr>\n \n \u0645\u062e\u0631\u062c\u0627\u062a CycloneDX<\/strong><\/td>\n JSON \u0648XML (\u0645\u0645\u062a\u0627\u0632)<\/td>\n JSON (\u0645\u0645\u062a\u0627\u0632)<\/td>\n JSON \u0648XML \u0648Protobuf (\u0623\u0635\u0644\u064a\u060c \u0627\u0644\u0623\u0641\u0636\u0644)<\/td>\n<\/tr>\n \n \u0645\u0633\u062d \u0627\u0644\u062d\u0627\u0648\u064a\u0627\u062a<\/strong><\/td>\n \u0646\u0639\u0645 (\u0633\u062c\u0644\u060c daemon\u060c tarball)<\/td>\n \u0646\u0639\u0645 (\u0633\u062c\u0644\u060c daemon\u060c tarball)<\/td>\n \u0644\u0627 (\u0648\u0642\u062a \u0627\u0644\u0628\u0646\u0627\u0621 \u0641\u0642\u0637)<\/td>\n<\/tr>\n \n \u0645\u0633\u062d \u0646\u0638\u0627\u0645 \u0627\u0644\u0645\u0644\u0641\u0627\u062a<\/strong><\/td>\n \u0646\u0639\u0645<\/td>\n \u0646\u0639\u0645<\/td>\n \u0639\u0628\u0631 \u0625\u0636\u0627\u0641\u0627\u062a \u0627\u0644\u0644\u063a\u0627\u062a<\/td>\n<\/tr>\n \n \u0627\u0644\u062a\u062d\u0644\u064a\u0644 \u0627\u0644\u062b\u0646\u0627\u0626\u064a<\/strong><\/td>\n \u0642\u0648\u064a (\u062b\u0646\u0627\u0626\u064a\u0627\u062a Go \u0648Rust)<\/td>\n \u0645\u062a\u0648\u0633\u0637<\/td>\n \u0644\u0627 \u064a\u0648\u062c\u062f<\/td>\n<\/tr>\n \n \u0641\u062d\u0635 \u0627\u0644\u062b\u063a\u0631\u0627\u062a<\/strong><\/td>\n \u0644\u0627 (\u0627\u0633\u062a\u062e\u062f\u0645 Grype)<\/td>\n \u0646\u0639\u0645 (\u0645\u064f\u062f\u0645\u062c)<\/td>\n \u0644\u0627 (\u0627\u0633\u062a\u062e\u062f\u0645 \u0623\u062f\u0627\u0629 \u0645\u0646\u0641\u0635\u0644\u0629)<\/td>\n<\/tr>\n \n \u0627\u0644\u062f\u0642\u0629 (\u0639\u0645\u0642 \u0627\u0644\u062a\u0628\u0639\u064a\u0627\u062a)<\/strong><\/td>\n \u0645\u0645\u062a\u0627\u0632<\/td>\n \u062c\u064a\u062f \u062c\u062f\u0627\u064b<\/td>\n \u0627\u0644\u0623\u0641\u0636\u0644 (\u062d\u0644 \u0648\u0642\u062a \u0627\u0644\u0628\u0646\u0627\u0621)<\/td>\n<\/tr>\n \n \u062f\u0645\u062c\/\u0645\u0642\u0627\u0631\u0646\u0629 SBOM<\/strong><\/td>\n \u0644\u0627<\/td>\n \u0644\u0627<\/td>\n \u0646\u0639\u0645 (\u0623\u0635\u0644\u064a)<\/td>\n<\/tr>\n \n \u062f\u0639\u0645 VEX<\/strong><\/td>\n \u0639\u0628\u0631 Grype\/Vunnel<\/td>\n \u062f\u0639\u0645 OpenVEX<\/td>\n VEX \u0623\u0635\u0644\u064a \u0645\u0646 CycloneDX<\/td>\n<\/tr>\n \n \u062a\u0648\u0642\u064a\u0639 \u0627\u0644\u062a\u0635\u062f\u064a\u0642<\/strong><\/td>\n \u0639\u0628\u0631 \u062a\u0643\u0627\u0645\u0644 cosign<\/td>\n \u0639\u0628\u0631 \u062a\u0643\u0627\u0645\u0644 cosign<\/td>\n \u062a\u0635\u062f\u064a\u0642 BOM-Link<\/td>\n<\/tr>\n \n \u062a\u0643\u0627\u0645\u0644 CI\/CD<\/strong><\/td>\n GitHub Action \u0648CLI<\/td>\n GitHub Action \u0648CLI \u0648\u0645\u064f\u0634\u063a\u0651\u0644 Kubernetes<\/td>\n \u0625\u0636\u0627\u0641\u0629 \u0628\u0646\u0627\u0621 \u0644\u0643\u0644 \u0644\u063a\u0629<\/td>\n<\/tr>\n \n \u0627\u0644\u0633\u0631\u0639\u0629 (\u062d\u0627\u0648\u064a\u0629 \u0646\u0645\u0648\u0630\u062c\u064a\u0629)<\/strong><\/td>\n \u0633\u0631\u064a\u0639 (15-30 \u062b\u0627\u0646\u064a\u0629)<\/td>\n \u0645\u062a\u0648\u0633\u0637 (20-60 \u062b\u0627\u0646\u064a\u0629 \u0645\u0639 \u062a\u0646\u0632\u064a\u0644 \u0642\u0627\u0639\u062f\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a)<\/td>\n \u0627\u0644\u0623\u0633\u0631\u0639 (\u0645\u064f\u062f\u0645\u062c \u0641\u064a \u0627\u0644\u0628\u0646\u0627\u0621\u060c \u0628\u062f\u0648\u0646 \u0645\u0633\u062d \u0645\u0646\u0641\u0635\u0644)<\/td>\n<\/tr>\n \n \u0645\u0633\u062d \u0645\u062c\u0645\u0648\u0639\u0629 Kubernetes<\/strong><\/td>\n \u0644\u0627<\/td>\n \u0646\u0639\u0645<\/td>\n \u0644\u0627<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n \u0627\u0644\u062f\u0642\u0629 \u0648\u0627\u0644\u0627\u0643\u062a\u0645\u0627\u0644: \u062d\u064a\u062b \u064a\u0647\u0645 \u0627\u0644\u0623\u0645\u0631 \u062d\u0642\u0627\u064b<\/h2>\n
cyclonedx-maven-plugin<\/code>\u060c \u064a\u0631\u0649 \u0646\u0641\u0633 \u0634\u062c\u0631\u0629 \u0627\u0644\u062a\u0628\u0639\u064a\u0627\u062a \u0627\u0644\u062a\u064a \u062d\u0644\u0651\u0647\u0627 Maven \u0628\u0627\u0644\u0636\u0628\u0637. \u0644\u0627 \u062a\u062e\u0645\u064a\u0646 \u0648\u0644\u0627 \u0645\u0637\u0627\u0628\u0642\u0629 \u0627\u0633\u062a\u062f\u0644\u0627\u0644\u064a\u0629 \u2014 \u064a\u0642\u0631\u0623 \u0627\u0644\u0631\u0633\u0645 \u0627\u0644\u0628\u064a\u0627\u0646\u064a \u0627\u0644\u0645\u062d\u0644\u0648\u0644 \u0645\u0628\u0627\u0634\u0631\u0629.<\/p>\n\u062a\u0643\u0627\u0645\u0644 CI\/CD: \u0625\u062f\u062e\u0627\u0644 \u0642\u0648\u0627\u0626\u0645 SBOM \u0641\u064a \u062e\u0637 \u0627\u0644\u0625\u0646\u062a\u0627\u062c<\/h2>\n
Syft \u0641\u064a CI\/CD<\/h3>\n
anchore\/sbom-action<\/code>) \u064a\u064f\u0648\u0644\u0651\u062f \u0642\u0648\u0627\u0626\u0645 SBOM \u0648\u064a\u0631\u0641\u0639\u0647\u0627 \u0627\u062e\u062a\u064a\u0627\u0631\u064a\u0627\u064b \u0643\u0644\u0642\u0637\u0627\u062a \u062a\u0628\u0639\u064a\u0627\u062a GitHub. \u0644\u0623\u0646\u0638\u0645\u0629 GitLab \u0648Jenkins \u0648\u0623\u0646\u0638\u0645\u0629 CI \u0627\u0644\u0623\u062e\u0631\u0649\u060c \u062a\u062b\u0628\u064a\u062a \u0648\u0627\u0633\u062a\u062f\u0639\u0627\u0621 \u062b\u0646\u0627\u0626\u064a CLI \u0628\u0633\u064a\u0637 \u0648\u0645\u0628\u0627\u0634\u0631. \u0627\u062f\u0645\u062c\u0647 \u0645\u0639 anchore\/scan-action<\/code> (Grype) \u0644\u0628\u0648\u0627\u0628\u0627\u062a \u0641\u062d\u0635 \u0627\u0644\u062b\u063a\u0631\u0627\u062a.<\/p>\nTrivy \u0641\u064a CI\/CD<\/h3>\n
aquasecurity\/trivy-action<\/code>)\u060c \u0648\u0645\u064f\u0634\u063a\u0651\u0644 Kubernetes (Trivy Operator<\/strong>)\u060c \u0648\u0645\u062e\u0631\u062c\u0627\u062a SARIF \u0644\u062a\u0643\u0627\u0645\u0644 GitHub Code Scanning. \u064a\u0645\u0643\u0646 \u0644\u062e\u0637\u0648\u0629 Trivy \u0648\u0627\u062d\u062f\u0629 \u0625\u0646\u062a\u0627\u062c SBOM \u0648\u0641\u062d\u0635 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0648\u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0627\u0644\u062a\u0643\u0648\u064a\u0646\u0627\u062a \u0627\u0644\u062e\u0627\u0637\u0626\u0629 \u0648\u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u2014 \u0645\u0645\u0627 \u064a\u062d\u0644 \u0645\u062d\u0644 \u062b\u0644\u0627\u062b \u0623\u0648 \u0623\u0631\u0628\u0639 \u0623\u062f\u0648\u0627\u062a \u0645\u0646\u0641\u0635\u0644\u0629.<\/p>\nCycloneDX \u0641\u064a CI\/CD<\/h3>\n
@cyclonedx\/cyclonedx-npm<\/code>. \u0647\u0630\u0627 \u0627\u0644\u0646\u0647\u062c \u0627\u0644\u0623\u0635\u0644\u064a \u0644\u0644\u0628\u0646\u0627\u0621 \u064a\u0639\u0646\u064a \u0623\u0646 SBOM \u064a\u064f\u0648\u0644\u064e\u0651\u062f \u0643\u0639\u0646\u0635\u0631 \u0628\u0646\u0627\u0621 \u0625\u0644\u0649 \u062c\u0627\u0646\u0628 \u062a\u0637\u0628\u064a\u0642\u0643\u060c \u0628\u062f\u0648\u0646 \u062e\u0637\u0648\u0629 \u0645\u0633\u062d \u0645\u0646\u0641\u0635\u0644\u0629.<\/p>\n\u0645\u062a\u0649 \u062a\u0633\u062a\u062e\u062f\u0645 \u0623\u064a \u0623\u062f\u0627\u0629<\/h2>\n
\u0627\u062e\u062a\u0631 Syft \u0639\u0646\u062f\u0645\u0627:<\/h3>\n
\n
\u0627\u062e\u062a\u0631 Trivy \u0639\u0646\u062f\u0645\u0627:<\/h3>\n
\n
\u0627\u062e\u062a\u0631 CycloneDX CLI + \u0627\u0644\u0625\u0636\u0627\u0641\u0627\u062a \u0639\u0646\u062f\u0645\u0627:<\/h3>\n
\n
\u062e\u0637 \u0625\u0646\u062a\u0627\u062c \u0645\u064f\u062f\u0645\u062c: \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0644\u0623\u062f\u0648\u0627\u062a \u0627\u0644\u062b\u0644\u0627\u062b \u0645\u0639\u0627\u064b<\/h2>\n
# Stage 1: Build-time SBOM (most accurate dependency graph)\n# In your Maven\/npm\/Go build step:\nmvn org.cyclonedx:cyclonedx-maven-plugin:makeBom\n# Output: target\/bom.json (CycloneDX format)\n\n# Stage 2: Container-level SBOM (catches OS packages + runtime deps)\nsyft packages myapp:${BUILD_TAG} -o cyclonedx-json > container-sbom.cdx.json\n\n# Stage 3: Merge build-time and container SBOMs\ncyclonedx merge \\\n --input-files target\/bom.json container-sbom.cdx.json \\\n --output-file merged-sbom.cdx.json\n\n# Stage 4: Validate the merged SBOM\ncyclonedx validate --input-file merged-sbom.cdx.json --fail-on-errors\n\n# Stage 5: Vulnerability scan the merged SBOM\ntrivy sbom merged-sbom.cdx.json --exit-code 1 --severity CRITICAL,HIGH\n\n# Stage 6: Sign and attest\ncosign attest --predicate merged-sbom.cdx.json \\\n --type cyclonedx myapp:${BUILD_TAG}<\/code><\/pre>\n\u0627\u0639\u062a\u0628\u0627\u0631\u0627\u062a \u0627\u0644\u0623\u062f\u0627\u0621<\/h2>\n
\n
--skip-db-update<\/code> \u0641\u064a CI (\u0645\u0639 \u0630\u0627\u0643\u0631\u0629 \u062a\u062e\u0632\u064a\u0646 \u0645\u0624\u0642\u062a\u0629 \u0645\u064f\u0633\u062e\u0651\u0646\u0629 \u0645\u0633\u0628\u0642\u0627\u064b) \u064a\u064f\u0644\u063a\u064a \u0647\u0630\u0627 \u0627\u0644\u0639\u0628\u0621.<\/li>\n\u0627\u0644\u062a\u0635\u062f\u064a\u0642 \u0648\u0627\u0644\u062a\u0648\u0642\u064a\u0639: \u0625\u062b\u0628\u0627\u062a \u0645\u0635\u062f\u0631 SBOM<\/h2>\n
cosign attest<\/code> \u0645\u0628\u0627\u0634\u0631\u0629.<\/p>\ntrivy image --format cosign-vuln<\/code> \u062a\u064f\u0646\u062a\u062c \u062a\u0642\u0627\u0631\u064a\u0631 \u062b\u063a\u0631\u0627\u062a \u062c\u0627\u0647\u0632\u0629 \u0644\u0644\u062a\u0635\u062f\u064a\u0642.<\/p>\n\u0627\u0644\u062e\u0644\u0627\u0635\u0629<\/h2>\n