Experimental Feature

This feature is currently in development and is subject to change. You are welcome to try it out and provide feedback, but be aware that it may not be fully functional or supported.

Kubernetes is an open-source container orchestration platform that automates the deployment, scaling, and management of containerized applications.

In this short guide, we will explore how to use SBOM Observer to analyze Kubernetes workloads and control-plane components.


To get started, you will need a running Kubernetes cluster and have kubectl installed and configured to use the cluster.

You will also need to have observer-cli installed and configured with your SBOM Observer API key.

To create SBOMs for the Kubernetes workloads and control-plane, you will also need to have Trivy or Syft installed.

Creating a cluster snapshot and SBOMs

Using the observer-cli, you can create a snapshot of the running resources your Kubernetes cluster, and automatically create SBOMs for all the identified container images.

By default the observer-cli will use kubectl to snapshot all namepaces, including the control-plane components in the kube-system namespace.

There are also options to create SBOMs for specific namespace, see the Read me for more info.

$ observer-cli k8s --sbom --upload

Optionally the observer-cli can upload the snapshot and SBOMs automatically to SBOM Observer.


The snapshot will create an environment in SBOM Observer, which represent the Operational Model, or "What is running in production/test/qa right now?".

Environments are useful to group and manage applications, services, and infrastructure - making it easier to prioritize and manage vulnerabilities and policy violations.

You can also export an SBOM for the entire environment, which will include all the SBOMs for the workloads and control-plane components.

Detailed Container Information

SBOM Observer provides a rich view of how the analyzed docker container is constructed and on which layer components, vulnerabilities and policy violations are discovered.

For Kubernetes control-plane components, SBOM Observer will additionally show vulnerabilities tracked by the Kubernetes Security Response Committee.

See Container Transparency for more details.