I'm on the lookout for a tool that can help generate reports on container images that include enterprise software requiring a license. We're currently using Harbor as our registry, and I'm curious if there's a tool available that can either integrate directly with Harbor, or import SBOM (Software Bill of Materials) files from Harbor to analyze and create these license usage reports. Additionally, I'm interested in hearing how others manage license compliance in a shared registry environment.
2 Answers
What kind of vendor licensing issues are you dealing with? It might help to clarify exactly what licenses you need to track for better tool recommendations.
A container registry might not be the best spot for tracking this because the nodes just cache images and won't know how many pods are using a specific image. I recommend considering writing a controller that counts the active pods utilizing the image instead.
For Oracle Java, you'll definitely need to be careful. Make sure to check if it's installed within the containers to keep track of usage accurately.
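The report discussed in this thread, as an added example that is not code from any of the posters: it flags packages in SPDX JSON SBOMs and joins them with the number of Running pods per image taken from a Kubernetes PodList (the output of `kubectl get pods -A -o json`). Assumptions: the SBOMs are SPDX 2.x JSON keyed by the same image reference the pods use, and the watchlist names, registry hostname and sample data are constructed.

```python
from collections import Counter

WATCHLIST = ("oracle-jdk", "oracle-java")  # assumption: names your vendors' packages appear under
UNRESOLVED = {"", "NONE", "NOASSERTION"}    # SPDX values that carry no license decision

def flag_packages(spdx_doc, watchlist=WATCHLIST):
    """Return (name, version, license, reason) for SPDX packages that need review."""
    flagged = []
    for pkg in spdx_doc.get("packages", []):
        name = pkg.get("name") or ""
        # Prefer licenseConcluded, fall back to licenseDeclared when it is unresolved.
        lic = next((pkg[k] for k in ("licenseConcluded", "licenseDeclared")
                    if (pkg.get(k) or "") not in UNRESOLVED), "NOASSERTION")
        if any(w in name.lower() for w in watchlist):
            reason = "watchlist"
        elif lic == "NOASSERTION" or "LicenseRef-" in lic:
            reason = "unresolved-license"
        else:
            continue
        flagged.append((name, pkg.get("versionInfo", ""), lic, reason))
    return flagged

def running_pods_per_image(pod_list):
    """Count Running pods per image reference; a pod counts once per image."""
    counts = Counter()
    for pod in pod_list.get("items", []):
        if pod.get("status", {}).get("phase") == "Running":
            counts.update({c["image"] for c in pod.get("spec", {}).get("containers", [])})
    return counts

def license_usage_report(sboms_by_image, pod_list):
    """One row per flagged package per image, with the live pod count."""
    pods = running_pods_per_image(pod_list)
    return [{"image": image, "package": n, "version": v, "license": lic,
             "reason": why, "running_pods": pods.get(image, 0)}
            for image, doc in sboms_by_image.items()
            for n, v, lic, why in flag_packages(doc)]

# Constructed sample data (not real scanner or cluster output).
IMG = "harbor.example.internal/apps/billing:1.4"
SBOMS = {IMG: {"packages": [
    {"name": "oracle-jdk", "versionInfo": "17.0.9", "licenseDeclared": "LicenseRef-vendor"},
    {"name": "zlib", "licenseConcluded": "NOASSERTION", "licenseDeclared": "Zlib"}]}}
PODS = {"items": [
    {"status": {"phase": "Running"}, "spec": {"containers": [{"image": IMG}]}},
    {"status": {"phase": "Running"}, "spec": {"containers": [{"image": IMG}, {"image": IMG}]}},
    {"status": {"phase": "Succeeded"}, "spec": {"containers": [{"image": IMG}]}}]}
```

Calling `license_usage_report(SBOMS, PODS)` returns one row per flagged package; pods that reference an image by digest rather than tag need their references normalized before the join.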