From a0ab07891b72fff6f914b57ba509d16e8eea09cc Mon Sep 17 00:00:00 2001 From: Haksung Jang Date: Mon, 15 Jun 2026 10:34:39 +0900 Subject: [PATCH] chore(scanner): default Android image pull to the bomlens name The bomlens-android-sdk30..35 images are now published (public, latest tag), so point the default Android image prefix at the featured bomlens name. The sbom-scanner-android-sdk alias is still published from the same digest, so SBOM_FIRMWARE_IMAGE-style overrides and existing pulls keep working. This completes the package-name unification under the bomlens brand for the firmware and Android SDK images. --- docker/lib/source-detect.sh | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/docker/lib/source-detect.sh b/docker/lib/source-detect.sh index 285a04e..dafb8d6 100644 --- a/docker/lib/source-detect.sh +++ b/docker/lib/source-detect.sh @@ -14,11 +14,7 @@ CDXGEN_TAG="${CDXGEN_TAG:-v12}" # cdxgen language image tag CDXGEN_ALLINONE="${CDXGEN_ALLINONE:-ghcr.io/cyclonedx/cdxgen:v12.5.0}" -# Default to the sbom-scanner-android-sdk name: Android images publish only on -# release (not main pushes), so the featured bomlens-android-sdk images do not -# exist until the next release. The two names share the same digest; flip this -# default to bomlens-android-sdk once those images are published. -ANDROID_IMAGE_PREFIX="${ANDROID_IMAGE_PREFIX:-ghcr.io/sktelecom/sbom-scanner-android-sdk}" +ANDROID_IMAGE_PREFIX="${ANDROID_IMAGE_PREFIX:-ghcr.io/sktelecom/bomlens-android-sdk}" # legacy alias: sbom-scanner-android-sdk (same digest) ANDROID_API_DEFAULT="${ANDROID_API_DEFAULT:-34}" # cdxgen does not resolve dependency licenses by default, leaving the SBOM (and # the NOTICE derived from it) without license data. FETCH_LICENSE=true makes