From 8672ae7fc124adade4806adfef37f335fbfa5903 Mon Sep 17 00:00:00 2001
From: Thomas Kosiewski <tk@coder.com>
Date: Thu, 13 Mar 2025 18:04:01 +0100
Subject: [PATCH] fix: replace colons in SBOM filename for Docker image
 attestation

Change-Id: I887f4fc255d9bfa19b6c5d23ad0a5db7352aa2af
Signed-off-by: Thomas Kosiewski <tk@coder.com>
---
 scripts/build_docker.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/build_docker.sh b/scripts/build_docker.sh
index 66c21b361afaa..e9217d1edcbff 100755
--- a/scripts/build_docker.sh
+++ b/scripts/build_docker.sh
@@ -154,14 +154,14 @@ if [[ "$push" == 1 ]]; then
 fi
 
 log "--- Generating SBOM for Docker image ($image_tag)"
-syft "$image_tag" -o spdx-json >"${image_tag}.spdx.json"
+syft "$image_tag" -o spdx-json >"${image_tag//:/_}.spdx.json"
 
 if [[ "$push" == 1 ]]; then
 	log "--- Attesting SBOM to Docker image for $arch ($image_tag)"
 	COSIGN_EXPERIMENTAL=1 cosign clean "$image_tag"
 
 	COSIGN_EXPERIMENTAL=1 cosign attest --type spdxjson \
-		--predicate "${image_tag}.spdx.json" \
+		--predicate "${image_tag//:/_}.spdx.json" \
 		--yes \
 		"$image_tag"
 fi