Private snap manifests
As part of our ongoing commitment to security and transparency, we are pleased to announce an improved approach to snap manifest generation for private projects. This update specifically addresses the long-standing technical block that suppressed the creation of manifest.yaml files during private snap builds, an important component for generating accurate Software Bills of Materials (SBOMs).
The challenge of secret exposure
Previously, manifest generation for private builds was deliberately disabled as a protective measure. The primary security concern was that including a snap manifest in a binary snap could inadvertently expose sensitive source credentials or internal build configurations.
While effective at preventing data leaks, this restriction also created significant hurdles for users wanting to produce SBOMs. Given that access to these private snaps is limited to those with explicit authorization, the risk of data and secret leakage is significantly reduced, allowing us to decommission the previous suppression mechanism.
What this means for developers
For private snaps built on Launchpad, the manifest.yaml will now be included in binary snaps by default during the build process.
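Because the manifest now ships inside the binary snap, it is worth checking its contents for the source credentials described above before sharing a build. The following is an added example, not Launchpad or snapcraft code: it scans manifest text for URLs that embed userinfo and reports them with the secret redacted. The sample manifest, its keys, and the function name `find_credential_urls` are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Any scheme://... token up to whitespace or a quote.
URL_RE = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*://[^\s'\"]+")

# Constructed sample; the keys and values are assumptions, not a real manifest.
SAMPLE_MANIFEST = """\
name: example-snap
parts:
  app:
    plugin: dump
    source: https://builder:s3cr3t-token@git.example.com/team/app.git
  lib:
    source: git+ssh://git@git.example.com/team/lib.git
  docs:
    source: https://git.example.com/team/docs.git
  tool:
    source: https://constructed-token@git.example.com/team/tool.git
"""


def find_credential_urls(manifest_text):
    """Return (line_number, kind, redacted_url) for URLs that carry userinfo."""
    findings = []
    for lineno, line in enumerate(manifest_text.splitlines(), start=1):
        for match in URL_RE.finditer(line):
            parts = urlsplit(match.group(0))
            userinfo, at, hostport = parts.netloc.rpartition("@")
            if not at:
                continue  # no userinfo at all
            if ":" in userinfo and userinfo.split(":", 1)[1]:
                kind = "password"
            elif parts.scheme in ("http", "https"):
                # A bare user on HTTP(S) is often a token used as the username.
                kind = "username-only"
            else:
                continue  # e.g. ssh://git@host names an account, not a secret
            redacted = parts._replace(netloc="REDACTED@" + hostport).geturl()
            findings.append((lineno, kind, redacted))
    return findings


if __name__ == "__main__":
    for lineno, kind, url in find_credential_urls(SAMPLE_MANIFEST):
        print(f"line {lineno}: {kind}: {url}")
```

The `username-only` classification is a heuristic and needs human review; any confirmed hit means the credential should be rotated and moved out of the source URL.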
Looking ahead
We are continuing to refine our offering, providing more and better features that support enhanced security and efficiency.
We invite you to share your feedback on this change by reaching out to us:
- Matrix: #launchpad:ubuntu.com
- Email: feedback@launchpad.net
- Ask a question: https://answers.launchpad.net/launchpad


