[Verse 1]
Container images hide their secrets tight
Each layer stacked like archaeological sites
Multi-stage builds obscure the treasure map
Dependencies tangled in each snapshot
Syft and Grype pierce through the veil
While Trivy scans where others fail
[Chorus]
Peel the onion back, layer by layer
SBOM generation, nothing escapes our radar
Every package tracked, every version clear
Supply chain transparency, crystal atmosphere
Peel the onion back, dependencies unfold
Security stories that must be told
[Verse 2]
Base image Alpine holds its minimal core
While builder stages add libraries galore
Final runtime drops the compilation tools
But artifacts remain, breaking security rules
Anchore Engine reads the manifest truth
Docker history reveals each proof
[Chorus]
Peel the onion back, layer by layer
SBOM generation, nothing escapes our radar
Every package tracked, every version clear
Supply chain transparency, crystal atmosphere
Peel the onion back, dependencies unfold
Security stories that must be told
[Bridge]
CVE databases cross-reference the scan
Vulnerability windows expose the plan
License compliance through the dependency tree
Open source obligations for all to see
Static analysis meets runtime detection
Comprehensive coverage, perfect protection
[Verse 3]
Cosign signatures verify the source
SLSA provenance charts the course
Harbor registries store the metadata
While policies enforce what passes the gate
From Dockerfile layers to running containers
Supply chain integrity never wavers
[Chorus]
Peel the onion back, layer by layer
SBOM generation, nothing escapes our radar
Every package tracked, every version clear
Supply chain transparency, crystal atmosphere
Peel the onion back, dependencies unfold
Security stories that must be told
[Outro]
In geopolitical storms and cyber warfare
Knowing your components shows you care
Trust but verify every single byte
Keep your software supply chain tight