Adds support for SBOM attestations

lib/kamal/commands/builder/base.rb

@@ -6,7 +6,7 @@ class Kamal::Commands::Builder::Base < Kamal::Commands::Base
   delegate :argumentize, to: Kamal::Utils
   delegate \
     :args, :secrets, :dockerfile, :target, :arches, :local_arches, :remote_arches, :remote,
-    :cache_from, :cache_to, :ssh, :provenance, :driver, :docker_driver?,
+    :cache_from, :cache_to, :ssh, :provenance, :sbom, :driver, :docker_driver?,
     to: :builder_config
 
   def clean
@@ -37,7 +37,7 @@ class Kamal::Commands::Builder::Base < Kamal::Commands::Base
   end
 
   def build_options
-    [ *build_tags, *build_cache, *build_labels, *build_args, *build_secrets, *build_dockerfile, *build_target, *build_ssh, *builder_provenance ]
+    [ *build_tags, *build_cache, *build_labels, *build_args, *build_secrets, *build_dockerfile, *build_target, *build_ssh, *builder_provenance, *builder_sbom ]
   end
 
   def build_context
@@ -101,6 +101,10 @@ class Kamal::Commands::Builder::Base < Kamal::Commands::Base
       argumentize "--provenance", provenance unless provenance.nil?
     end
 
+    def builder_sbom
+      argumentize "--sbom", sbom unless sbom.nil?
+    end
+
     def builder_config
       config.builder
     end

lib/kamal/configuration/builder.rb

@@ -115,6 +115,10 @@ class Kamal::Configuration::Builder
     builder_config["provenance"]
   end
 
+  def sbom
+    builder_config["sbom"]
+  end
+
   def git_clone?
     Kamal::Git.used? && builder_config["context"].nil?
   end

lib/kamal/configuration/docs/builder.yml

@@ -108,3 +108,9 @@ builder:
   # It is used to configure provenance attestations for the build result.
   # The value can also be a boolean to enable or disable provenance attestations.
   provenance: mode=max
+
+  # SBOM (Software Bill of Materials)
+  #
+  # It is used to configure SBOM generation for the build result.
+  # The value can also be a boolean to enable or disable SBOM generation.
+  sbom: true