introduce build.provenance and sbom support

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2026-02-09 01:59:22 +08:00 · 2025-07-17 18:28:44 +02:00
parent 1d2223fb23
commit 8f91793fb5
7 changed files with 63 additions and 9 deletions
--- a/docs/reference/compose_build.md
+++ b/docs/reference/compose_build.md
@@ -22,9 +22,11 @@ run `docker compose build` to rebuild it.
 | `-m`, `--memory`      | `bytes`       | `0`     | Set memory limit for the build container. Not supported by BuildKit.                                        |
 | `--no-cache`          | `bool`        |         | Do not use cache when building the image                                                                    |
 | `--print`             | `bool`        |         | Print equivalent bake file                                                                                  |
+| `--provenance`        | `string`      |         | Add a provenance attestation                                                                                |
 | `--pull`              | `bool`        |         | Always attempt to pull a newer version of the image                                                         |
 | `--push`              | `bool`        |         | Push service images                                                                                         |
 | `-q`, `--quiet`       | `bool`        |         | Don't print anything to STDOUT                                                                              |
+| `--sbom`              | `string`      |         | Add a SBOM attestation                                                                                      |
 | `--ssh`               | `string`      |         | Set SSH authentications used when building service images. (use 'default' for using your default SSH Agent) |
 | `--with-dependencies` | `bool`        |         | Also build dependencies (transitively)                                                                      |

--- a/docs/reference/docker_compose_build.yaml
+++ b/docs/reference/docker_compose_build.yaml
@@ -125,6 +125,15 @@ options:
      experimentalcli: false
      kubernetes: false
      swarm: false
+    - option: provenance
+      value_type: string
+      description: Add a provenance attestation
+      deprecated: false
+      hidden: false
+      experimental: false
+      experimentalcli: false
+      kubernetes: false
+      swarm: false
    - option: pull
      value_type: bool
      default_value: "false"
@@ -156,6 +165,15 @@ options:
      experimentalcli: false
      kubernetes: false
      swarm: false
+    - option: sbom
+      value_type: string
+      description: Add a SBOM attestation
+      deprecated: false
+      hidden: false
+      experimental: false
+      experimentalcli: false
+      kubernetes: false
+      swarm: false
    - option: ssh
      value_type: string
      description: |