Buildpacks-built images contain metadata that allow you to audit both the image itself and the build process.
Information includes:
Rebasable
label or notpack inspect-image test-node-js-app
You should see the following:
Run Images:
cnbs/sample-base-run:jammy
...
Buildpacks:
ID VERSION HOMEPAGE
examples/node-js 0.0.1 -
Processes:
TYPE SHELL COMMAND ARGS WORK DIR
web (default) bash node-js app.js /workspace
Apart from the above standard metadata, buildpacks can also populate information about the dependencies they have provided in form of a Software Bill-of-Materials
or SBOM.