Integrate Chainguard apko with Vulnetix. Build minimal container images from APK packages and automatically generate SPDX SBOMs. Upload the SBOM to Vulnetix for supply chain tracking.
Go, CLI tool, SPDX, CycloneDX
Install & scan
# Install via Go
$ go install chainguard.dev/apko@latest
# macOS via Homebrew
$ brew install apko

# Build a container image from apko.yaml
# SBOM is automatically generated as sbom-<arch>.spdx.json
$ apko build apko.yaml myapp:latest myapp.tar
# Load into Docker
$ docker load < myapp.tar
# Upload SBOM to Vulnetix
$ vulnetix upload --file sbom-amd64.spdx.json
Run Chainguard Apko in CI
Scan on every push and upload the results to Vulnetix:
- name: Install apko
  run: go install chainguard.dev/apko@latest
- name: Build image and generate SBOM
  run: apko build apko.yaml myapp:${{ github.sha }} myapp.tar
- name: Upload SBOM to Vulnetix
  run: vulnetix upload --file sbom-amd64.spdx.json
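A pre-upload sanity check for the generated SPDX JSON, added here as an example and not part of apko or Vulnetix. The function name, the sample document and the policy it enforces (every package needs a version and a purl so it can be matched against advisories) are assumptions; the field names are standard SPDX 2.3 JSON.

```python
import json
import sys

# Constructed sample shaped like an SPDX 2.3 JSON document; not real apko output.
SAMPLE_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "sbom-example",
    "packages": [
        {"SPDXID": "SPDXRef-Package-busybox", "name": "busybox",
         "versionInfo": "1.36.1-r0",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                           "referenceType": "purl",
                           "referenceLocator": "pkg:apk/example/busybox@1.36.1-r0"}]},
        {"SPDXID": "SPDXRef-Package-libfoo", "name": "libfoo",
         "versionInfo": "2.0.0-r1", "externalRefs": []},
        {"SPDXID": "SPDXRef-Package-nover", "name": "nover"},
    ],
})

def check_spdx_sbom(text):
    """Return a list of problems found in an SPDX JSON SBOM (hypothetical policy)."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top level is not a JSON object"]
    problems = []
    if not str(doc.get("spdxVersion", "")).startswith("SPDX-"):
        problems.append("missing or unexpected spdxVersion")
    packages = doc.get("packages") or []
    if not packages:
        problems.append("no packages listed")
    for pkg in packages:
        name = pkg.get("name", "<unnamed>")
        if not pkg.get("versionInfo"):
            problems.append(f"{name}: no versionInfo")
        # A purl external reference is what lets a scanner identify the package.
        purls = [r for r in pkg.get("externalRefs") or []
                 if r.get("referenceType") == "purl"]
        if not purls:
            problems.append(f"{name}: no purl externalRef")
    return problems

if __name__ == "__main__":
    # With a file argument, exit non-zero on problems so a CI step fails before upload.
    issues = check_spdx_sbom(open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SBOM)
    print("\n".join(issues) or "SBOM looks usable")
    sys.exit(1 if issues and len(sys.argv) > 1 else 0)
```

Run with the SBOM path as the only argument in a step placed between the build and the upload; without an argument it reports on the constructed sample.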
Centralise Chainguard Apko results in Vulnetix
Upload Chainguard Apko SPDX or CycloneDX output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.