cli: add "debug sbom" command? #14408
Labels
security
Issues involving security in the Tailscale product or infrastructure
Comments
bradfitz
added
the
security
|
I wish I was more intimately familiar with the codebase, but I wanted to take a stab at this. PR #14484 doesn't create a local api endpoint, but it does add the ability to print the
I'm unsure if by SBOM you're referring to any modules or software that wouldn't be baked into the static binary. If you need to go even further up to get verifiable bits in the toolchain used to build go itself or other components, I would imagine that my PR can be safely closed without merging. |
|
note: users might expect some standard SBOM format in the output, like CycloneDX or SPDX |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Maybe we should add a command like:
tailscale debug sbomto effectively rungo version -magainst the CLI and/or daemon and print out the SBOM (software bill of materials).We'd probably want a LocalAPI endpoint to return it so the CLI can ask the tailscaled for its SBOM and print it. And CLI's SBOM too might be interesting. Maybe we merge the two. Or force you say which binary you want with a flag to the
sbomsubcommand./cc @KayLEvans @awly @patrickod
The text was updated successfully, but these errors were encountered: