
Last updated 10 months ago

Software Bill of Materials (SBOM)

Containers

An SBOM for our public containers (e.g. Pipekit Agent and the Pipekit CLI) is embedded within the container image in SPDX format. You can extract the SBOM by running the following docker buildx command:

docker buildx imagetools inspect pipekit13/pipekit-agent:v0.0.0 --format '{{ json (index .SBOM "linux/amd64").SPDX}}' > pipekit-agent.spdx

Remember to set the image tag accordingly:

We combine a linux/amd64 and a linux/arm64 variant of each container under one image tag, which is why you need to choose the correct variant of the SBOM to extract.

Alternatively, you can extract a list of all the packages used in the container by running the following command:

docker buildx imagetools inspect pipekit13/pipekit-agent:v0.0.0 --format '{{ range (index .SBOM "linux/amd64").SPDX.packages }}{{ println .name .versionInfo }}{{ end }}' | sort

You can also search for individual packages by running the following command:

docker buildx imagetools inspect pipekit13/pipekit-agent:v0.0.0 --format '{{ range (index .SBOM "linux/amd64").SPDX.packages }}{{ if eq .name "busybox" }}{{ println .versionInfo }}{{ end }}{{ end }}'
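Once the SPDX document has been extracted for each platform variant, the same lookups can be scripted and the two variants compared. The following is an added example, not Pipekit's own code: the function names are hypothetical, and the two embedded SPDX documents are constructed samples that only use the `packages`, `name` and `versionInfo` fields referenced by the commands above.

```python
import json

def load_packages(spdx_text):
    """Map package name -> set of versions from an SPDX JSON document."""
    doc = json.loads(spdx_text)
    pkgs = {}
    for p in doc.get("packages", []):
        # versionInfo is optional in SPDX; record its absence explicitly.
        pkgs.setdefault(p["name"], set()).add(p.get("versionInfo", "UNKNOWN"))
    return pkgs

def find_package(pkgs, name):
    """Sorted versions of one package, or [] if the image does not ship it."""
    return sorted(pkgs.get(name, ()))

def variant_drift(a, b):
    """Packages whose version sets differ between two platform variants."""
    return {n: (sorted(a.get(n, ())), sorted(b.get(n, ())))
            for n in sorted(set(a) | set(b)) if a.get(n) != b.get(n)}

# Constructed sample documents standing in for files extracted with
# "linux/amd64" and "linux/arm64" in the --format string; not real Pipekit data.
AMD64 = json.dumps({"spdxVersion": "SPDX-2.3", "packages": [
    {"name": "busybox", "versionInfo": "1.36.1-r5"},
    {"name": "musl", "versionInfo": "1.2.4-r2"},
    {"name": "ca-certificates-bundle"},
]})
ARM64 = json.dumps({"spdxVersion": "SPDX-2.3", "packages": [
    {"name": "busybox", "versionInfo": "1.36.1-r2"},
    {"name": "musl", "versionInfo": "1.2.4-r2"},
    {"name": "ca-certificates-bundle"},
]})

if __name__ == "__main__":
    amd, arm = load_packages(AMD64), load_packages(ARM64)
    print("busybox on amd64:", find_package(amd, "busybox"))
    for name, (va, vb) in variant_drift(amd, arm).items():
        print(f"{name}: amd64={va} arm64={vb}")
```

To use it on real data, replace the sample strings with the contents of the files written by the extraction command, one per platform.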

CLI Binaries

SBOM files are available alongside the CLI binaries in the Pipekit CLI repository.

Signed Containers

After installing Cosign, you can verify the signature of a container by running the following command:

cat <<EOF > pipekit-cosign.pub
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEUsGMXv9tynS/2yu4WkZLZwLYIbq1
kI/iAtFVazXjKbZVS4+UJnAFt1eh6I8+MEN75KHUD+xw0rm918ZxgRlXKA==
-----END PUBLIC KEY-----
EOF

cosign verify --key pipekit-cosign.pub pipekit13/pipekit-agent:latest

We sign our public containers using Cosign. Signing materials are stored in a tamper-resistant public log.

You can use an admission controller such as Connaisseur to verify the signature of the container at runtime within Kubernetes.
