diff --git a/client/build.go b/client/build.go
index 106d36329108..f40d83cc27bf 100644
--- a/client/build.go
+++ b/client/build.go
@@ -4,6 +4,7 @@ import (
 	"context"
 
 	"github.com/moby/buildkit/client/buildid"
+	"github.com/moby/buildkit/frontend/attestations"
 	gateway "github.com/moby/buildkit/frontend/gateway/client"
 	"github.com/moby/buildkit/frontend/gateway/grpcclient"
 	gatewayapi "github.com/moby/buildkit/frontend/gateway/pb"
@@ -20,17 +21,15 @@ func (c *Client) Build(ctx context.Context, opt SolveOpt, product string, buildF
 		}
 	}()
 
-	if opt.Frontend != "" {
-		return nil, errors.New("invalid SolveOpt, Build interface cannot use Frontend")
-	}
+	feOpts := opt.FrontendAttrs
+
+	opt.Frontend = ""
+	opt.FrontendAttrs = attestations.Filter(opt.FrontendAttrs)
 
 	if product == "" {
 		product = apicaps.ExportedProduct
 	}
 
-	feOpts := opt.FrontendAttrs
-	opt.FrontendAttrs = nil
-
 	workers, err := c.ListWorkers(ctx)
 	if err != nil {
 		return nil, errors.Wrap(err, "listing workers for Build")
diff --git a/client/client_test.go b/client/client_test.go
index 39fae644f2d0..da100d7c2c12 100644
--- a/client/client_test.go
+++ b/client/client_test.go
@@ -181,6 +181,9 @@ func TestIntegration(t *testing.T) {
 		testSourceDateEpochReset,
 		testSourceDateEpochLocalExporter,
 		testSourceDateEpochTarExporter,
+		testAttestationBundle,
+		testSBOMScan,
+		testSBOMScanSingleRef,
 	)
 	tests = append(tests, diffOpTestCases()...)
 	integration.Run(t, tests, mirrors)
@@ -7113,6 +7116,581 @@ func testAttestationDefaultSubject(t *testing.T, sb integration.Sandbox) {
 	}
 }
 
+func testAttestationBundle(t *testing.T, sb integration.Sandbox) {
+	requiresLinux(t)
+	c, err := New(sb.Context(), sb.Address())
+	require.NoError(t, err)
+
+	registry, err := sb.NewRegistry()
+	if errors.Is(err, integration.ErrRequirements) {
+		t.Skip(err.Error())
+	}
+
+	ps := []ocispecs.Platform{
+		platforms.MustParse("linux/amd64"),
+	}
+
+	frontend := func(ctx context.Context, c gateway.Client) (*gateway.Result, error) {
+		res := gateway.NewResult()
+		expPlatforms := &exptypes.Platforms{}
+
+		for _, p := range ps {
+			pk := platforms.Format(p)
+			expPlatforms.Platforms = append(expPlatforms.Platforms, exptypes.Platform{ID: pk, Platform: p})
+
+			// build image
+			st := llb.Scratch().File(
+				llb.Mkfile("/greeting", 0600, []byte(fmt.Sprintf("hello %s!", pk))),
+			)
+			def, err := st.Marshal(ctx)
+			if err != nil {
+				return nil, err
+			}
+			r, err := c.Solve(ctx, gateway.SolveRequest{
+				Definition: def.ToPB(),
+			})
+			if err != nil {
+				return nil, err
+			}
+			ref, err := r.SingleRef()
+			if err != nil {
+				return nil, err
+			}
+			_, err = ref.ToState()
+			if err != nil {
+				return nil, err
+			}
+			res.AddRef(pk, ref)
+
+			stmt := intoto.Statement{
+				StatementHeader: intoto.StatementHeader{
+					Type:          intoto.StatementInTotoV01,
+					PredicateType: "https://example.com/attestations/v1.0",
+				},
+				Predicate: map[string]interface{}{
+					"foo": "1",
+				},
+			}
+			buff := bytes.NewBuffer(nil)
+			enc := json.NewEncoder(buff)
+			require.NoError(t, enc.Encode(stmt))
+
+			// build attestations
+			st = llb.Scratch()
+			st = st.File(
+				llb.Mkdir("/bundle", 0700),
+			)
+			st = st.File(
+				llb.Mkfile("/bundle/attestation.json", 0600, buff.Bytes()),
+			)
+			def, err = st.Marshal(ctx)
+			if err != nil {
+				return nil, err
+			}
+			r, err = c.Solve(ctx, gateway.SolveRequest{
+				Definition: def.ToPB(),
+			})
+			if err != nil {
+				return nil, err
+			}
+			refAttest, err := r.SingleRef()
+			if err != nil {
+				return nil, err
+			}
+			_, err = ref.ToState()
+			if err != nil {
+				return nil, err
+			}
+			res.AddAttestation(pk, result.Attestation{
+				Kind: gatewaypb.AttestationKindBundle,
+				Path: "/bundle",
+			}, refAttest)
+		}
+
+		dt, err := json.Marshal(expPlatforms)
+		if err != nil {
+			return nil, err
+		}
+		res.AddMeta(exptypes.ExporterPlatformsKey, dt)
+
+		return res, nil
+	}
+
+	target := registry + "/buildkit/testattestationsbundle:latest"
+	_, err = c.Build(sb.Context(), SolveOpt{
+		Exports: []ExportEntry{
+			{
+				Type: ExporterImage,
+				Attrs: map[string]string{
+					"name": target,
+					"push": "true",
+				},
+			},
+		},
+	}, "", frontend, nil)
+	require.NoError(t, err)
+
+	desc, provider, err := contentutil.ProviderFromRef(target)
+	require.NoError(t, err)
+
+	imgs, err := testutil.ReadImages(sb.Context(), provider, desc)
+	require.NoError(t, err)
+	require.Equal(t, len(ps)*2, len(imgs.Images))
+
+	var bases []*testutil.ImageInfo
+	for _, p := range ps {
+		pk := platforms.Format(p)
+		bases = append(bases, imgs.Find(pk))
+	}
+
+	atts := imgs.Filter("unknown/unknown")
+	require.Equal(t, len(ps)*1, len(atts.Images))
+	for i, att := range atts.Images {
+		require.Equal(t, 1, len(att.LayersRaw))
+		var attest intoto.Statement
+		require.NoError(t, json.Unmarshal(att.LayersRaw[0], &attest))
+
+		require.Equal(t, "https://example.com/attestations/v1.0", attest.PredicateType)
+		require.Equal(t, map[string]interface{}{"foo": "1"}, attest.Predicate)
+		name, _ := purl.RefToPURL(target, &ps[i])
+		subjects := []intoto.Subject{{
+			Name: name,
+			Digest: map[string]string{
+				"sha256": bases[i].Desc.Digest.Encoded(),
+			},
+		}}
+		require.Equal(t, subjects, attest.Subject)
+	}
+}
+
+func testSBOMScan(t *testing.T, sb integration.Sandbox) {
+	requiresLinux(t)
+	c, err := New(sb.Context(), sb.Address())
+	require.NoError(t, err)
+
+	registry, err := sb.NewRegistry()
+	if errors.Is(err, integration.ErrRequirements) {
+		t.Skip(err.Error())
+	}
+
+	p := platforms.MustParse("linux/amd64")
+	pk := platforms.Format(p)
+
+	scannerFrontend := func(ctx context.Context, c gateway.Client) (*gateway.Result, error) {
+		res := gateway.NewResult()
+
+		st := llb.Image("busybox")
+		def, err := st.Marshal(sb.Context())
+		require.NoError(t, err)
+
+		r, err := c.Solve(ctx, gateway.SolveRequest{
+			Definition: def.ToPB(),
+		})
+		if err != nil {
+			return nil, err
+		}
+		ref, err := r.SingleRef()
+		if err != nil {
+			return nil, err
+		}
+		_, err = ref.ToState()
+		if err != nil {
+			return nil, err
+		}
+		res.AddRef(pk, ref)
+
+		expPlatforms := &exptypes.Platforms{
+			Platforms: []exptypes.Platform{{ID: pk, Platform: p}},
+		}
+		dt, err := json.Marshal(expPlatforms)
+		if err != nil {
+			return nil, err
+		}
+		res.AddMeta(exptypes.ExporterPlatformsKey, dt)
+
+		var img ocispecs.Image
+		cmd := `
+cat <<EOF > $BUILDKIT_SCAN_DESTINATION/spdx.json
+{
+  "_type": "https://in-toto.io/Statement/v0.1",
+  "predicateType": "https://spdx.dev/Document",
+  "predicate": {"success": false}
+}
+EOF
+`
+		img.Config.Cmd = []string{"/bin/sh", "-c", cmd}
+		config, err := json.Marshal(img)
+		if err != nil {
+			return nil, errors.Wrapf(err, "failed to marshal image config")
+		}
+		res.AddMeta(fmt.Sprintf("%s/%s", exptypes.ExporterImageConfigKey, pk), config)
+
+		return res, nil
+	}
+
+	scannerTarget := registry + "/buildkit/testsbomscanner:latest"
+	_, err = c.Build(sb.Context(), SolveOpt{
+		Exports: []ExportEntry{
+			{
+				Type: ExporterImage,
+				Attrs: map[string]string{
+					"name": scannerTarget,
+					"push": "true",
+				},
+			},
+		},
+	}, "", scannerFrontend, nil)
+	require.NoError(t, err)
+
+	makeTargetFrontend := func(attest bool) func(ctx context.Context, c gateway.Client) (*gateway.Result, error) {
+		return func(ctx context.Context, c gateway.Client) (*gateway.Result, error) {
+			res := gateway.NewResult()
+
+			// build image
+			st := llb.Scratch().File(
+				llb.Mkfile("/greeting", 0600, []byte("hello world!")),
+			)
+			def, err := st.Marshal(ctx)
+			if err != nil {
+				return nil, err
+			}
+			r, err := c.Solve(ctx, gateway.SolveRequest{
+				Definition: def.ToPB(),
+			})
+			if err != nil {
+				return nil, err
+			}
+			ref, err := r.SingleRef()
+			if err != nil {
+				return nil, err
+			}
+			_, err = ref.ToState()
+			if err != nil {
+				return nil, err
+			}
+			res.AddRef(pk, ref)
+
+			expPlatforms := &exptypes.Platforms{
+				Platforms: []exptypes.Platform{{ID: pk, Platform: p}},
+			}
+			dt, err := json.Marshal(expPlatforms)
+			if err != nil {
+				return nil, err
+			}
+			res.AddMeta(exptypes.ExporterPlatformsKey, dt)
+
+			// build attestations
+			if attest {
+				st = llb.Scratch().
+					File(llb.Mkfile("/result.spdx", 0600, []byte(`{"success": true}`)))
+				def, err = st.Marshal(ctx)
+				if err != nil {
+					return nil, err
+				}
+				r, err = c.Solve(ctx, gateway.SolveRequest{
+					Definition: def.ToPB(),
+				})
+				if err != nil {
+					return nil, err
+				}
+				refAttest, err := r.SingleRef()
+				if err != nil {
+					return nil, err
+				}
+				_, err = ref.ToState()
+				if err != nil {
+					return nil, err
+				}
+
+				res.AddAttestation(pk, result.Attestation{
+					Kind: gatewaypb.AttestationKindInToto,
+					Path: "/result.spdx",
+					InToto: result.InTotoAttestation{
+						PredicateType: intoto.PredicateSPDX,
+					},
+				}, refAttest)
+			}
+
+			return res, nil
+		}
+	}
+
+	// test the default fallback scanner
+	target := registry + "/buildkit/testsbom:latest"
+	_, err = c.Build(sb.Context(), SolveOpt{
+		FrontendAttrs: map[string]string{
+			"attest:sbom": "",
+		},
+		Exports: []ExportEntry{
+			{
+				Type: ExporterImage,
+				Attrs: map[string]string{
+					"name": target,
+					"push": "true",
+				},
+			},
+		},
+	}, "", makeTargetFrontend(false), nil)
+	require.NoError(t, err)
+
+	desc, provider, err := contentutil.ProviderFromRef(target)
+	require.NoError(t, err)
+
+	imgs, err := testutil.ReadImages(sb.Context(), provider, desc)
+	require.NoError(t, err)
+	require.Equal(t, 2, len(imgs.Images))
+
+	// test the frontend builtin scanner
+	target = registry + "/buildkit/testsbom2:latest"
+	_, err = c.Build(sb.Context(), SolveOpt{
+		FrontendAttrs: map[string]string{
+			"attest:sbom": "",
+		},
+		Exports: []ExportEntry{
+			{
+				Type: ExporterImage,
+				Attrs: map[string]string{
+					"name": target,
+					"push": "true",
+				},
+			},
+		},
+	}, "", makeTargetFrontend(true), nil)
+	require.NoError(t, err)
+
+	desc, provider, err = contentutil.ProviderFromRef(target)
+	require.NoError(t, err)
+
+	imgs, err = testutil.ReadImages(sb.Context(), provider, desc)
+	require.NoError(t, err)
+	require.Equal(t, 2, len(imgs.Images))
+
+	att := imgs.Find("unknown/unknown")
+	attest := intoto.Statement{}
+	require.NoError(t, json.Unmarshal(att.LayersRaw[0], &attest))
+	require.Equal(t, "https://in-toto.io/Statement/v0.1", attest.Type)
+	require.Equal(t, intoto.PredicateSPDX, attest.PredicateType)
+	require.Equal(t, map[string]interface{}{"success": true}, attest.Predicate)
+
+	// test the specified fallback scanner
+	target = registry + "/buildkit/testsbom3:latest"
+	_, err = c.Build(sb.Context(), SolveOpt{
+		FrontendAttrs: map[string]string{
+			"attest:sbom": "generator=" + scannerTarget,
+		},
+		Exports: []ExportEntry{
+			{
+				Type: ExporterImage,
+				Attrs: map[string]string{
+					"name": target,
+					"push": "true",
+				},
+			},
+		},
+	}, "", makeTargetFrontend(false), nil)
+	require.NoError(t, err)
+
+	desc, provider, err = contentutil.ProviderFromRef(target)
+	require.NoError(t, err)
+
+	imgs, err = testutil.ReadImages(sb.Context(), provider, desc)
+	require.NoError(t, err)
+	require.Equal(t, 2, len(imgs.Images))
+
+	att = imgs.Find("unknown/unknown")
+	attest = intoto.Statement{}
+	require.NoError(t, json.Unmarshal(att.LayersRaw[0], &attest))
+	require.Equal(t, "https://in-toto.io/Statement/v0.1", attest.Type)
+	require.Equal(t, intoto.PredicateSPDX, attest.PredicateType)
+	require.Equal(t, map[string]interface{}{"success": false}, attest.Predicate)
+
+	// test the builtin frontend scanner and the specified fallback scanner together
+	target = registry + "/buildkit/testsbom3:latest"
+	_, err = c.Build(sb.Context(), SolveOpt{
+		FrontendAttrs: map[string]string{
+			"attest:sbom": "generator=" + scannerTarget,
+		},
+		Exports: []ExportEntry{
+			{
+				Type: ExporterImage,
+				Attrs: map[string]string{
+					"name": target,
+					"push": "true",
+				},
+			},
+		},
+	}, "", makeTargetFrontend(true), nil)
+	require.NoError(t, err)
+
+	desc, provider, err = contentutil.ProviderFromRef(target)
+	require.NoError(t, err)
+
+	imgs, err = testutil.ReadImages(sb.Context(), provider, desc)
+	require.NoError(t, err)
+	require.Equal(t, 2, len(imgs.Images))
+
+	att = imgs.Find("unknown/unknown")
+	attest = intoto.Statement{}
+	require.NoError(t, json.Unmarshal(att.LayersRaw[0], &attest))
+	require.Equal(t, "https://in-toto.io/Statement/v0.1", attest.Type)
+	require.Equal(t, intoto.PredicateSPDX, attest.PredicateType)
+	require.Equal(t, map[string]interface{}{"success": true}, attest.Predicate)
+}
+
+func testSBOMScanSingleRef(t *testing.T, sb integration.Sandbox) {
+	requiresLinux(t)
+	c, err := New(sb.Context(), sb.Address())
+	require.NoError(t, err)
+
+	registry, err := sb.NewRegistry()
+	if errors.Is(err, integration.ErrRequirements) {
+		t.Skip(err.Error())
+	}
+
+	p := platforms.DefaultSpec()
+	pk := platforms.Format(p)
+
+	scannerFrontend := func(ctx context.Context, c gateway.Client) (*gateway.Result, error) {
+		res := gateway.NewResult()
+
+		st := llb.Image("busybox")
+		def, err := st.Marshal(sb.Context())
+		require.NoError(t, err)
+
+		r, err := c.Solve(ctx, gateway.SolveRequest{
+			Definition: def.ToPB(),
+		})
+		if err != nil {
+			return nil, err
+		}
+		ref, err := r.SingleRef()
+		if err != nil {
+			return nil, err
+		}
+		_, err = ref.ToState()
+		if err != nil {
+			return nil, err
+		}
+		res.AddRef(pk, ref)
+
+		expPlatforms := &exptypes.Platforms{
+			Platforms: []exptypes.Platform{{ID: pk, Platform: p}},
+		}
+		dt, err := json.Marshal(expPlatforms)
+		if err != nil {
+			return nil, err
+		}
+		res.AddMeta(exptypes.ExporterPlatformsKey, dt)
+
+		var img ocispecs.Image
+		cmd := `
+cat <<EOF > $BUILDKIT_SCAN_DESTINATION/spdx.json
+{
+  "_type": "https://in-toto.io/Statement/v0.1",
+  "predicateType": "https://spdx.dev/Document",
+  "predicate": {"success": false}
+}
+EOF
+`
+		img.Config.Cmd = []string{"/bin/sh", "-c", cmd}
+		config, err := json.Marshal(img)
+		if err != nil {
+			return nil, errors.Wrapf(err, "failed to marshal image config")
+		}
+		res.AddMeta(fmt.Sprintf("%s/%s", exptypes.ExporterImageConfigKey, pk), config)
+
+		return res, nil
+	}
+
+	scannerTarget := registry + "/buildkit/testsbomscanner:latest"
+	_, err = c.Build(sb.Context(), SolveOpt{
+		Exports: []ExportEntry{
+			{
+				Type: ExporterImage,
+				Attrs: map[string]string{
+					"name": scannerTarget,
+					"push": "true",
+				},
+			},
+		},
+	}, "", scannerFrontend, nil)
+	require.NoError(t, err)
+
+	targetFrontend := func(ctx context.Context, c gateway.Client) (*gateway.Result, error) {
+		res := gateway.NewResult()
+
+		// build image
+		st := llb.Scratch().File(
+			llb.Mkfile("/greeting", 0600, []byte("hello world!")),
+		)
+		def, err := st.Marshal(ctx)
+		if err != nil {
+			return nil, err
+		}
+		r, err := c.Solve(ctx, gateway.SolveRequest{
+			Definition: def.ToPB(),
+		})
+		if err != nil {
+			return nil, err
+		}
+		ref, err := r.SingleRef()
+		if err != nil {
+			return nil, err
+		}
+		_, err = ref.ToState()
+		if err != nil {
+			return nil, err
+		}
+		res.SetRef(ref)
+
+		var img ocispecs.Image
+		img.Config.Cmd = []string{"/bin/sh", "-c", "cat /greeting"}
+		config, err := json.Marshal(img)
+		if err != nil {
+			return nil, errors.Wrapf(err, "failed to marshal image config")
+		}
+		res.AddMeta(exptypes.ExporterImageConfigKey, config)
+
+		return res, nil
+	}
+
+	target := registry + "/buildkit/testsbomsingle:latest"
+	_, err = c.Build(sb.Context(), SolveOpt{
+		FrontendAttrs: map[string]string{
+			"attest:sbom": "generator=" + scannerTarget,
+		},
+		Exports: []ExportEntry{
+			{
+				Type: ExporterImage,
+				Attrs: map[string]string{
+					"name": target,
+					"push": "true",
+				},
+			},
+		},
+	}, "", targetFrontend, nil)
+	require.NoError(t, err)
+
+	desc, provider, err := contentutil.ProviderFromRef(target)
+	require.NoError(t, err)
+
+	imgs, err := testutil.ReadImages(sb.Context(), provider, desc)
+	require.NoError(t, err)
+	require.Equal(t, 2, len(imgs.Images))
+
+	img := imgs.Find(pk)
+	require.NotNil(t, img)
+	require.Equal(t, []string{"/bin/sh", "-c", "cat /greeting"}, img.Img.Config.Cmd)
+
+	att := imgs.Find("unknown/unknown")
+	require.NotNil(t, att)
+	attest := intoto.Statement{}
+	require.NoError(t, json.Unmarshal(att.LayersRaw[0], &attest))
+	require.Equal(t, "https://in-toto.io/Statement/v0.1", attest.Type)
+	require.Equal(t, intoto.PredicateSPDX, attest.PredicateType)
+	require.Equal(t, map[string]interface{}{"success": false}, attest.Predicate)
+}
+
 func makeSSHAgentSock(t *testing.T, agent agent.Agent) (p string, err error) {
 	tmpDir, err := integration.Tmpdir(t)
 	if err != nil {
diff --git a/cmd/buildctl/build.go b/cmd/buildctl/build.go
index db1a5684ad12..bd78f8ff7b3d 100644
--- a/cmd/buildctl/build.go
+++ b/cmd/buildctl/build.go
@@ -284,8 +284,6 @@ func buildAction(clicontext *cli.Context) error {
 		if def != nil {
 			sreq.Definition = def.ToPB()
 		}
-		solveOpt.Frontend = ""
-		solveOpt.FrontendAttrs = nil
 
 		resp, err := c.Build(ctx, solveOpt, "buildctl", func(ctx context.Context, c gateway.Client) (*gateway.Result, error) {
 			_, isSubRequest := sreq.FrontendOpt["requestid"]
diff --git a/control/control.go b/control/control.go
index 8ae6de8d039c..7ab14dfb4d5c 100644
--- a/control/control.go
+++ b/control/control.go
@@ -6,6 +6,7 @@ import (
 	"sync/atomic"
 	"time"
 
+	"github.com/docker/distribution/reference"
 	controlapi "github.com/moby/buildkit/api/services/control"
 	apitypes "github.com/moby/buildkit/api/types"
 	"github.com/moby/buildkit/cache/remotecache"
@@ -14,10 +15,12 @@ import (
 	"github.com/moby/buildkit/exporter"
 	"github.com/moby/buildkit/exporter/util/epoch"
 	"github.com/moby/buildkit/frontend"
+	"github.com/moby/buildkit/frontend/attestations"
 	"github.com/moby/buildkit/session"
 	"github.com/moby/buildkit/session/grpchijack"
 	"github.com/moby/buildkit/solver"
 	"github.com/moby/buildkit/solver/llbsolver"
+	"github.com/moby/buildkit/solver/llbsolver/proc"
 	"github.com/moby/buildkit/solver/pb"
 	"github.com/moby/buildkit/util/bklog"
 	"github.com/moby/buildkit/util/imageutil"
@@ -323,6 +326,25 @@ func (c *Controller) Solve(ctx context.Context, req *controlapi.SolveRequest) (*
 		})
 	}
 
+	attests, err := attestations.Parse(req.FrontendAttrs)
+	if err != nil {
+		return nil, err
+	}
+
+	var procs []llbsolver.Processor
+	if attrs, ok := attests["sbom"]; ok {
+		src := attrs["generator"]
+		if src == "" {
+			return nil, errors.Errorf("sbom generator cannot be empty")
+		}
+		ref, err := reference.ParseNormalizedNamed(src)
+		if err != nil {
+			return nil, errors.Wrapf(err, "failed to parse sbom generator %s", src)
+		}
+		ref = reference.TagNameOnly(ref)
+		procs = append(procs, proc.ForceRefsProcessor, proc.SBOMProcessor(ref.String()))
+	}
+
 	resp, err := c.solver.Solve(ctx, req.Ref, req.Session, frontend.SolveRequest{
 		Frontend:       req.Frontend,
 		Definition:     req.Definition,
@@ -333,7 +355,7 @@ func (c *Controller) Solve(ctx context.Context, req *controlapi.SolveRequest) (*
 		Exporter:        expi,
 		CacheExporter:   cacheExporter,
 		CacheExportMode: cacheExportMode,
-	}, req.Entitlements)
+	}, req.Entitlements, procs)
 	if err != nil {
 		return nil, err
 	}
diff --git a/exporter/containerimage/exptypes/types.go b/exporter/containerimage/exptypes/types.go
index 08b2daf2f1b0..f22344c86a7e 100644
--- a/exporter/containerimage/exptypes/types.go
+++ b/exporter/containerimage/exptypes/types.go
@@ -16,6 +16,14 @@ const (
 	ExporterEpochKey             = "source.date.epoch"
 )
 
+// KnownRefMetadataKeys are the subset of exporter keys that can be suffixed by
+// a platform to become platform specific
+var KnownRefMetadataKeys = []string{
+	ExporterImageConfigKey,
+	ExporterInlineCache,
+	ExporterBuildInfo,
+}
+
 type Platforms struct {
 	Platforms []Platform
 }
diff --git a/exporter/containerimage/writer.go b/exporter/containerimage/writer.go
index 107f66e01aac..66aecacde580 100644
--- a/exporter/containerimage/writer.go
+++ b/exporter/containerimage/writer.go
@@ -6,7 +6,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
-	"path"
 	"strings"
 	"time"
 
@@ -14,6 +13,7 @@ import (
 	"github.com/containerd/containerd/diff"
 	"github.com/containerd/containerd/images"
 	"github.com/containerd/containerd/platforms"
+	"github.com/containerd/continuity/fs"
 	intoto "github.com/in-toto/in-toto-golang/in_toto"
 	"github.com/moby/buildkit/cache"
 	cacheconfig "github.com/moby/buildkit/cache/config"
@@ -266,7 +266,19 @@ func (ic *ImageWriter) exportLayers(ctx context.Context, refCfg cacheconfig.RefC
 
 func (ic *ImageWriter) extractAttestations(ctx context.Context, opts *ImageCommitOpts, s session.Group, desc *ocispecs.Descriptor, refs map[string]cache.ImmutableRef, attestations []result.Attestation) ([]intoto.Statement, error) {
 	eg, ctx := errgroup.WithContext(ctx)
-	statements := make([]intoto.Statement, len(attestations))
+	statements := make([][]intoto.Statement, len(attestations))
+
+	var purls []string
+	for _, name := range strings.Split(opts.ImageName, ",") {
+		if name == "" {
+			continue
+		}
+		p, err := purl.RefToPURL(name, desc.Platform)
+		if err != nil {
+			return nil, err
+		}
+		purls = append(purls, p)
+	}
 
 	if len(attestations) > 0 && refs == nil {
 		return nil, errors.Errorf("no refs map provided to lookup attestation keys")
@@ -275,58 +287,54 @@ func (ic *ImageWriter) extractAttestations(ctx context.Context, opts *ImageCommi
 	for i, att := range attestations {
 		i, att := i, att
 		eg.Go(func() error {
+			ref, ok := refs[att.Ref]
+			if !ok {
+				return errors.Errorf("key %s not found in refs map", att.Ref)
+			}
+			mount, err := ref.Mount(ctx, true, s)
+			if err != nil {
+				return err
+			}
+			lm := snapshot.LocalMounter(mount)
+			src, err := lm.Mount()
+			if err != nil {
+				return err
+			}
+			defer lm.Unmount()
+
 			switch att.Kind {
 			case gatewaypb.AttestationKindInToto:
-				ref, ok := refs[att.Ref]
-				if !ok {
-					return errors.Errorf("key %s not found in refs map", att.Ref)
-				}
-
-				mount, err := ref.Mount(ctx, true, s)
+				p, err := fs.RootPath(src, att.Path)
 				if err != nil {
 					return err
 				}
-
-				lm := snapshot.LocalMounter(mount)
-				src, err := lm.Mount()
+				data, err := os.ReadFile(p)
 				if err != nil {
-					return err
+					return errors.Wrap(err, "cannot read in-toto attestation")
 				}
-				defer lm.Unmount()
-				predicate, err := os.ReadFile(path.Join(src, att.Path))
-				if err != nil {
-					return err
-				}
-				if len(predicate) == 0 {
-					predicate = nil
+				if len(data) == 0 {
+					data = nil
 				}
 
+				var subjects []intoto.Subject
 				if len(att.InToto.Subjects) == 0 {
 					att.InToto.Subjects = []result.InTotoSubject{{
 						Kind: gatewaypb.InTotoSubjectKindSelf,
 					}}
 				}
-
-				subjects := make([]intoto.Subject, 0, len(att.InToto.Subjects))
 				for _, subject := range att.InToto.Subjects {
 					name := "_"
 					if subject.Name != "" {
 						name = subject.Name
 					}
+
 					switch subject.Kind {
 					case gatewaypb.InTotoSubjectKindSelf:
-						var names []string
-						if opts.ImageName != "" {
-							for _, name := range strings.Split(opts.ImageName, ",") {
-								name, err := purl.RefToPURL(name, desc.Platform)
-								if err != nil {
-									return err
-								}
-								names = append(names, name)
-							}
-						} else {
-							names = []string{name}
+						names := []string{}
+						if name != "_" {
+							names = append(names, name)
 						}
+						names = append(names, purls...)
 						for _, name := range names {
 							subjects = append(subjects, intoto.Subject{
 								Name:   name,
@@ -338,28 +346,70 @@ func (ic *ImageWriter) extractAttestations(ctx context.Context, opts *ImageCommi
 							Name:   name,
 							Digest: result.DigestMap(subject.Digest...),
 						})
-
 					default:
-						return errors.Errorf("unknown attestation subject kind %q", subject.Kind)
+						return errors.Errorf("unknown attestation subject type %T", subject)
 					}
 				}
-				statements[i] = intoto.Statement{
+
+				stmt := intoto.Statement{
 					StatementHeader: intoto.StatementHeader{
 						Type:          intoto.StatementInTotoV01,
 						PredicateType: att.InToto.PredicateType,
 						Subject:       subjects,
 					},
-					Predicate: json.RawMessage(predicate),
+					Predicate: json.RawMessage(data),
+				}
+				statements[i] = append(statements[i], stmt)
+			case gatewaypb.AttestationKindBundle:
+				dir, err := fs.RootPath(src, att.Path)
+				if err != nil {
+					return err
+				}
+				entries, err := os.ReadDir(dir)
+				if err != nil {
+					return err
+				}
+
+				for _, entry := range entries {
+					p, err := fs.RootPath(dir, entry.Name())
+					if err != nil {
+						return err
+					}
+					f, err := os.Open(p)
+					if err != nil {
+						return err
+					}
+					dec := json.NewDecoder(f)
+					var stmt intoto.Statement
+					if err := dec.Decode(&stmt); err != nil {
+						return errors.Wrap(err, "cannot decode in-toto statement")
+					}
+					if att.InToto.PredicateType != "" && stmt.PredicateType != att.InToto.PredicateType {
+						return errors.Errorf("bundle entry %s does not match required predicate type %s", stmt.PredicateType, att.InToto.PredicateType)
+					}
+					if stmt.Subject == nil {
+						for _, name := range purls {
+							stmt.Subject = append(stmt.Subject, intoto.Subject{
+								Name:   name,
+								Digest: result.DigestMap(desc.Digest),
+							})
+						}
+					}
+					statements[i] = append(statements[i], stmt)
 				}
 			}
 			return nil
 		})
 	}
-
 	if err := eg.Wait(); err != nil {
 		return nil, err
 	}
-	return statements, nil
+
+	var allStatements []intoto.Statement
+	for _, statements := range statements {
+		allStatements = append(allStatements, statements...)
+	}
+	return allStatements, nil
 }
 
 func (ic *ImageWriter) commitDistributionManifest(ctx context.Context, opts *ImageCommitOpts, ref cache.ImmutableRef, config []byte, remote *solver.Remote, annotations *Annotations, inlineCache []byte, buildInfo []byte, epoch *time.Time) (*ocispecs.Descriptor, *ocispecs.Descriptor, error) {
@@ -485,7 +535,7 @@ func (ic *ImageWriter) commitAttestationsManifest(ctx context.Context, opts *Ima
 
 		data, err := json.Marshal(statement)
 		if err != nil {
-			return nil, err
+			return nil, errors.Wrap(err, "failed to marshal attestation")
 		}
 		digest := digest.FromBytes(data)
 		desc := ocispecs.Descriptor{
diff --git a/frontend/attest/sbom.go b/frontend/attest/sbom.go
new file mode 100644
index 000000000000..6c70a3d654a9
--- /dev/null
+++ b/frontend/attest/sbom.go
@@ -0,0 +1,84 @@
+package attest
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"path"
+
+	intoto "github.com/in-toto/in-toto-golang/in_toto"
+	"github.com/moby/buildkit/client/llb"
+	gatewaypb "github.com/moby/buildkit/frontend/gateway/pb"
+	"github.com/moby/buildkit/solver/result"
+	ocispecs "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+)
+
+// Scanner is a function type for scanning the contents of a state and
+// returning a new attestation and state representing the scan results.
+//
+// A scanner is designed a scan a single state, however, additional states can
+// also be attached, for attaching additional information, such as scans of
+// build-contexts or multi-stage builds. Handling these separately allows the
+// scanner to optionally ignore these or to mark them as such in the
+// attestation.
+type Scanner func(ctx context.Context, name string, ref llb.State, extras map[string]llb.State) (result.Attestation, llb.State, error)
+
+func CreateSBOMScanner(ctx context.Context, resolver llb.ImageMetaResolver, scanner string) (Scanner, error) {
+	if scanner == "" {
+		return nil, nil
+	}
+
+	_, dt, err := resolver.ResolveImageConfig(ctx, scanner, llb.ResolveImageConfigOpt{})
+	if err != nil {
+		return nil, err
+	}
+
+	var cfg ocispecs.Image
+	if err := json.Unmarshal(dt, &cfg); err != nil {
+		return nil, err
+	}
+	if len(cfg.Config.Cmd) == 0 {
+		return nil, errors.Errorf("scanner %s does not have cmd", scanner)
+	}
+
+	return func(ctx context.Context, name string, ref llb.State, extras map[string]llb.State) (result.Attestation, llb.State, error) {
+		srcDir := "/run/src/"
+		outDir := "/run/out/"
+
+		args := []string{}
+		args = append(args, cfg.Config.Entrypoint...)
+		args = append(args, cfg.Config.Cmd...)
+		runscan := llb.Image(scanner).Run(
+			llb.Dir(cfg.Config.WorkingDir),
+			llb.AddEnv("BUILDKIT_SCAN_SOURCE", path.Join(srcDir, "core")),
+			llb.AddEnv("BUILDKIT_SCAN_SOURCE_EXTRAS", path.Join(srcDir, "extras/")),
+			llb.AddEnv("BUILDKIT_SCAN_DESTINATION", outDir),
+			llb.Args(args),
+			llb.WithCustomName(fmt.Sprintf("[%s] generating sbom using %s", name, scanner)))
+
+		runscan.AddMount(path.Join(srcDir, "core"), ref, llb.Readonly)
+		for k, extra := range extras {
+			runscan.AddMount(path.Join(srcDir, "extras", k), extra, llb.Readonly)
+		}
+
+		stsbom := runscan.AddMount(outDir, llb.Scratch())
+		return result.Attestation{
+			Kind: gatewaypb.AttestationKindBundle,
+			InToto: result.InTotoAttestation{
+				PredicateType: intoto.PredicateSPDX,
+			},
+		}, stsbom, nil
+	}, nil
+}
+
+func HasSBOM[T any](res *result.Result[T]) bool {
+	for _, as := range res.Attestations {
+		for _, a := range as {
+			if a.InToto.PredicateType == intoto.PredicateSPDX {
+				return true
+			}
+		}
+	}
+	return false
+}
diff --git a/frontend/attestations/parse.go b/frontend/attestations/parse.go
new file mode 100644
index 000000000000..7d697a0f4e1d
--- /dev/null
+++ b/frontend/attestations/parse.go
@@ -0,0 +1,72 @@
+package attestations
+
+import (
+	"encoding/csv"
+	"strings"
+
+	"github.com/pkg/errors"
+)
+
+const (
+	KeyTypeSbom       = "sbom"
+	KeyTypeProvenance = "provenance"
+)
+
+const (
+	// TODO: update this before next buildkit release
+	defaultSBOMGenerator = "jedevc/buildkit-syft-scanner:master@sha256:de630f621eb0ab1bb1245cea76d01c5bddfe78af4f5b9adecde424cb7ec5605e"
+)
+
+func Filter(v map[string]string) map[string]string {
+	attests := make(map[string]string)
+	for k, v := range v {
+		if strings.HasPrefix(k, "attest:") {
+			attests[k] = v
+			continue
+		}
+		if strings.HasPrefix(k, "build-arg:BUILDKIT_ATTEST_") {
+			attests[k] = v
+			continue
+		}
+	}
+	return attests
+}
+
+func Parse(v map[string]string) (map[string]map[string]string, error) {
+	attests := make(map[string]string)
+	for k, v := range v {
+		if strings.HasPrefix(k, "attest:") {
+			attests[strings.ToLower(strings.TrimPrefix(k, "attest:"))] = v
+			continue
+		}
+		if strings.HasPrefix(k, "build-arg:BUILDKIT_ATTEST_") {
+			attests[strings.ToLower(strings.TrimPrefix(k, "build-arg:BUILDKIT_ATTEST_"))] = v
+			continue
+		}
+	}
+
+	out := make(map[string]map[string]string)
+	for k, v := range attests {
+		attrs := make(map[string]string)
+		out[k] = attrs
+		if k == KeyTypeSbom {
+			attrs["generator"] = defaultSBOMGenerator
+		}
+		if v == "" {
+			continue
+		}
+		csvReader := csv.NewReader(strings.NewReader(v))
+		fields, err := csvReader.Read()
+		if err != nil {
+			return nil, errors.Wrapf(err, "failed to parse %s", k)
+		}
+		for _, field := range fields {
+			parts := strings.SplitN(field, "=", 2)
+			if len(parts) != 2 {
+				parts = append(parts, "")
+			}
+			attrs[parts[0]] = parts[1]
+		}
+	}
+	return out, nil
+}
diff --git a/frontend/dockerfile/builder/build.go b/frontend/dockerfile/builder/build.go
index 9f381aa3b47b..5494351af511 100644
--- a/frontend/dockerfile/builder/build.go
+++ b/frontend/dockerfile/builder/build.go
@@ -20,6 +20,9 @@ import (
 	controlapi "github.com/moby/buildkit/api/services/control"
 	"github.com/moby/buildkit/client/llb"
 	"github.com/moby/buildkit/exporter/containerimage/exptypes"
+	"github.com/moby/buildkit/frontend"
+	"github.com/moby/buildkit/frontend/attest"
+	"github.com/moby/buildkit/frontend/attestations"
 	"github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb"
 	"github.com/moby/buildkit/frontend/dockerfile/dockerignore"
 	"github.com/moby/buildkit/frontend/dockerfile/parser"
@@ -485,7 +488,30 @@ func Build(ctx context.Context, c client.Client) (_ *client.Result, err error) {
 		}
 	}
 
-	eg, ctx = errgroup.WithContext(ctx)
+	var scanner attest.Scanner
+	attests, err := attestations.Parse(opts)
+	if err != nil {
+		return nil, err
+	}
+	if attrs, ok := attests[attestations.KeyTypeSbom]; ok {
+		src, ok := attrs["generator"]
+		if !ok {
+			return nil, errors.Errorf("sbom scanner cannot be empty")
+		}
+		ref, err := reference.ParseNormalizedNamed(src)
+		if err != nil {
+			return nil, errors.Wrapf(err, "failed to parse sbom scanner %s", src)
+		}
+		ref = reference.TagNameOnly(ref)
+		exportMap = true
+
+		scanner, err = attest.CreateSBOMScanner(ctx, c, ref.String())
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	eg, ctx2 = errgroup.WithContext(ctx)
 
 	for i, tp := range targetPlatforms {
 		func(i int, tp *ocispecs.Platform) {
@@ -496,13 +522,13 @@ func Build(ctx context.Context, c client.Client) (_ *client.Result, err error) {
 					opt.Warn = nil
 				}
 				opt.ContextByName = contextByNameFunc(c, c.BuildOpts().SessionID)
-				st, img, bi, err := dockerfile2llb.Dockerfile2LLB(ctx, dtDockerfile, opt)
+				st, img, bi, err := dockerfile2llb.Dockerfile2LLB(ctx2, dtDockerfile, opt)
 
 				if err != nil {
 					return err
 				}
 
-				def, err := st.Marshal(ctx)
+				def, err := st.Marshal(ctx2)
 				if err != nil {
 					return errors.Wrapf(err, "failed to marshal LLB definition")
 				}
@@ -538,7 +564,7 @@ func Build(ctx context.Context, c client.Client) (_ *client.Result, err error) {
 					}
 				}
 
-				r, err := c.Solve(ctx, client.SolveRequest{
+				r, err := c.Solve(ctx2, client.SolveRequest{
 					Definition:   def.ToPB(),
 					CacheImports: cacheImports,
 				})
@@ -590,6 +616,37 @@ func Build(ctx context.Context, c client.Client) (_ *client.Result, err error) {
 		return nil, err
 	}
 
+	if scanner != nil {
+		for _, p := range expPlatforms.Platforms {
+			ref, ok := res.Refs[p.ID]
+			if !ok {
+				return nil, errors.Errorf("could not find ref %s", p.ID)
+			}
+			st, err := ref.ToState()
+			if err != nil {
+				return nil, err
+			}
+
+			att, st, err := scanner(ctx, p.ID, st, nil)
+			if err != nil {
+				return nil, err
+			}
+
+			def, err := st.Marshal(ctx)
+			if err != nil {
+				return nil, err
+			}
+			r, err := c.Solve(ctx, frontend.SolveRequest{
+				Definition: def.ToPB(),
+			})
+			if err != nil {
+				return nil, err
+			}
+
+			res.AddAttestation(p.ID, att, r.Ref)
+		}
+	}
+
 	dt, err := json.Marshal(expPlatforms)
 	if err != nil {
 		return nil, err
diff --git a/frontend/dockerfile/dockerfile_test.go b/frontend/dockerfile/dockerfile_test.go
index 3747d11b7525..0e11aabb1164 100644
--- a/frontend/dockerfile/dockerfile_test.go
+++ b/frontend/dockerfile/dockerfile_test.go
@@ -27,6 +27,7 @@ import (
 	"github.com/containerd/containerd/platforms"
 	"github.com/containerd/containerd/snapshots"
 	"github.com/containerd/continuity/fs/fstest"
+	intoto "github.com/in-toto/in-toto-golang/in_toto"
 	"github.com/moby/buildkit/client"
 	"github.com/moby/buildkit/client/llb"
 	"github.com/moby/buildkit/frontend/dockerfile/builder"
@@ -146,6 +147,7 @@ var allTests = integration.TestFuncs(
 	testCopyFollowAllSymlinks,
 	testDockerfileAddChownExpand,
 	testSourceDateEpochWithoutExporter,
+	testSBOMScannerImage,
 )
 
 // Tests that depend on the `security.*` entitlements
@@ -6046,6 +6048,110 @@ COPY Dockerfile .
 	}
 }
 
+func testSBOMScannerImage(t *testing.T, sb integration.Sandbox) {
+	ctx := sb.Context()
+
+	c, err := client.New(ctx, sb.Address())
+	require.NoError(t, err)
+	defer c.Close()
+
+	registry, err := sb.NewRegistry()
+	if errors.Is(err, integration.ErrRequirements) {
+		t.Skip(err.Error())
+	}
+	require.NoError(t, err)
+
+	f := getFrontend(t, sb)
+
+	dockerfile := []byte(`
+FROM busybox:latest
+COPY <<-"EOF" /scan.sh
+	set -e
+	cat <<BUNDLE > $BUILDKIT_SCAN_DESTINATION/spdx.json
+	{
+	  "_type": "https://in-toto.io/Statement/v0.1",
+	  "predicateType": "https://spdx.dev/Document",
+	  "predicate": {"success": true}
+	}
+	BUNDLE
+EOF
+CMD sh /scan.sh
+`)
+	scannerDir, err := integration.Tmpdir(
+		t,
+		fstest.CreateFile("Dockerfile", dockerfile, 0600),
+	)
+	require.NoError(t, err)
+
+	scannerTarget := registry + "/buildkit/testsbomscanner:latest"
+	_, err = f.Solve(sb.Context(), c, client.SolveOpt{
+		LocalDirs: map[string]string{
+			builder.DefaultLocalNameDockerfile: scannerDir,
+			builder.DefaultLocalNameContext:    scannerDir,
+		},
+		Exports: []client.ExportEntry{
+			{
+				Type: client.ExporterImage,
+				Attrs: map[string]string{
+					"name": scannerTarget,
+					"push": "true",
+				},
+			},
+		},
+	}, nil)
+	require.NoError(t, err)
+
+	dockerfile = []byte(`
+FROM scratch
+COPY <<EOF /foo
+data
+EOF
+`)
+	dir, err := integration.Tmpdir(
+		t,
+		fstest.CreateFile("Dockerfile", dockerfile, 0600),
+	)
+	require.NoError(t, err)
+
+	target := registry + "/buildkit/testsbomscannertarget:latest"
+	_, err = f.Solve(sb.Context(), c, client.SolveOpt{
+		LocalDirs: map[string]string{
+			builder.DefaultLocalNameDockerfile: dir,
+			builder.DefaultLocalNameContext:    dir,
+		},
+		FrontendAttrs: map[string]string{
+			"attest:sbom": "generator=" + scannerTarget,
+		},
+		Exports: []client.ExportEntry{
+			{
+				Type: client.ExporterImage,
+				Attrs: map[string]string{
+					"name": target,
+					"push": "true",
+				},
+			},
+		},
+	}, nil)
+	require.NoError(t, err)
+
+	desc, provider, err := contentutil.ProviderFromRef(target)
+	require.NoError(t, err)
+	imgs, err := testutil.ReadImages(sb.Context(), provider, desc)
+	require.NoError(t, err)
+	require.Equal(t, 2, len(imgs.Images))
+
+	img := imgs.Find(platforms.Format(platforms.Normalize(platforms.DefaultSpec())))
+	require.NotNil(t, img)
+	require.Equal(t, []byte("data\n"), img.Layers[0]["foo"].Data)
+
+	att := imgs.Find("unknown/unknown")
+	var attest intoto.Statement
+	require.NoError(t, json.Unmarshal(att.LayersRaw[0], &attest))
+	require.Equal(t, "https://in-toto.io/Statement/v0.1", attest.Type)
+	require.Equal(t, intoto.PredicateSPDX, attest.PredicateType)
+	require.Equal(t, map[string]interface{}{"success": true}, attest.Predicate)
+}
+
 func runShell(dir string, cmds ...string) error {
 	for _, args := range cmds {
 		var cmd *exec.Cmd
diff --git a/frontend/gateway/pb/gateway.pb.go b/frontend/gateway/pb/gateway.pb.go
index b1670622b94e..86b6bde848d4 100644
--- a/frontend/gateway/pb/gateway.pb.go
+++ b/frontend/gateway/pb/gateway.pb.go
@@ -37,14 +37,17 @@ type AttestationKind int32
 
 const (
 	AttestationKindInToto AttestationKind = 0
+	AttestationKindBundle AttestationKind = 1
 )
 
 var AttestationKind_name = map[int32]string{
 	0: "InToto",
+	1: "Bundle",
 }
 
 var AttestationKind_value = map[string]int32{
 	"InToto": 0,
+	"Bundle": 1,
 }
 
 func (x AttestationKind) String() string {
@@ -2597,156 +2600,157 @@ func init() {
 func init() { proto.RegisterFile("gateway.proto", fileDescriptor_f1a937782ebbded5) }
 
 var fileDescriptor_f1a937782ebbded5 = []byte{
-	// 2375 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x19, 0x4b, 0x6f, 0x1b, 0xc7,
-	0x59, 0x2b, 0x52, 0x7c, 0x7c, 0x7c, 0x88, 0x1e, 0x3b, 0xe9, 0x7a, 0x11, 0x38, 0xf4, 0x3a, 0x51,
-	0x68, 0xc5, 0x21, 0x53, 0x3a, 0x81, 0x5c, 0xbb, 0x75, 0x62, 0xbd, 0x20, 0xc5, 0x92, 0xcd, 0x8e,
-	0x5c, 0xb8, 0x08, 0x52, 0xa0, 0x2b, 0x72, 0x48, 0x6f, 0x4d, 0xed, 0x6e, 0x77, 0x87, 0x96, 0x95,
-	0x5c, 0xda, 0x5b, 0x91, 0x53, 0x4f, 0xbd, 0x05, 0x05, 0xda, 0x3f, 0xd0, 0x5e, 0x7a, 0x6b, 0xcf,
-	0x01, 0x7a, 0xe9, 0xa5, 0x97, 0x1e, 0x82, 0xc2, 0x3f, 0xa2, 0x45, 0x6f, 0xc5, 0x37, 0x33, 0x4b,
-	0x0e, 0x1f, 0x5a, 0x52, 0xc9, 0x89, 0x33, 0xdf, 0x7c, 0x8f, 0xf9, 0xde, 0xdf, 0x2c, 0xa1, 0xd4,
-	0x73, 0x38, 0x3b, 0x75, 0xce, 0xea, 0x41, 0xe8, 0x73, 0x9f, 0x5c, 0x3d, 0xf1, 0x8f, 0xcf, 0xea,
-	0xc7, 0x03, 0xb7, 0xdf, 0x79, 0xee, 0xf2, 0xfa, 0x8b, 0xef, 0xd7, 0xbb, 0xa1, 0xef, 0x71, 0xe6,
-	0x75, 0xac, 0xf7, 0x7a, 0x2e, 0x7f, 0x36, 0x38, 0xae, 0xb7, 0xfd, 0x93, 0x46, 0xcf, 0xef, 0xf9,
-	0x0d, 0x41, 0x71, 0x3c, 0xe8, 0x8a, 0x9d, 0xd8, 0x88, 0x95, 0xe4, 0x64, 0x35, 0x27, 0xd1, 0x7b,
-	0xbe, 0xdf, 0xeb, 0x33, 0x27, 0x70, 0x23, 0xb5, 0x6c, 0x84, 0x41, 0xbb, 0x11, 0x71, 0x87, 0x0f,
-	0x22, 0x45, 0x73, 0x4b, 0xa3, 0xc1, 0x8b, 0x34, 0xe2, 0x8b, 0x34, 0x22, 0xbf, 0xff, 0x82, 0x85,
-	0x8d, 0xe0, 0xb8, 0xe1, 0x07, 0x31, 0x76, 0xe3, 0x5c, 0x6c, 0x27, 0x70, 0x1b, 0xfc, 0x2c, 0x60,
-	0x51, 0xe3, 0xd4, 0x0f, 0x9f, 0xb3, 0x50, 0x11, 0xdc, 0x3e, 0x97, 0x60, 0xc0, 0xdd, 0x3e, 0x52,
-	0xb5, 0x9d, 0x20, 0x42, 0x21, 0xf8, 0xab, 0x88, 0x74, 0xb5, 0xb9, 0xef, 0xb9, 0x11, 0x77, 0xdd,
-	0x9e, 0xdb, 0xe8, 0x46, 0x82, 0x46, 0x4a, 0x41, 0x25, 0x24, 0xba, 0xfd, 0xf7, 0x34, 0x64, 0x28,
-	0x8b, 0x06, 0x7d, 0x4e, 0xd6, 0xa0, 0x14, 0xb2, 0xee, 0x36, 0x0b, 0x42, 0xd6, 0x76, 0x38, 0xeb,
-	0x98, 0x46, 0xd5, 0xa8, 0xe5, 0xf7, 0x96, 0xe8, 0x38, 0x98, 0xfc, 0x04, 0xca, 0x21, 0xeb, 0x46,
-	0x1a, 0xe2, 0x72, 0xd5, 0xa8, 0x15, 0x9a, 0xef, 0xd6, 0xcf, 0x75, 0x46, 0x9d, 0xb2, 0xee, 0xa1,
-	0x13, 0x8c, 0x48, 0xf6, 0x96, 0xe8, 0x04, 0x13, 0xd2, 0x84, 0x54, 0xc8, 0xba, 0x66, 0x4a, 0xf0,
-	0xba, 0x96, 0xcc, 0x6b, 0x6f, 0x89, 0x22, 0x32, 0xd9, 0x80, 0x34, 0x72, 0x31, 0xd3, 0x82, 0xe8,
-	0xfa, 0xdc, 0x0b, 0xec, 0x2d, 0x51, 0x41, 0x40, 0x1e, 0x42, 0xee, 0x84, 0x71, 0xa7, 0xe3, 0x70,
-	0xc7, 0x84, 0x6a, 0xaa, 0x56, 0x68, 0x36, 0x12, 0x89, 0xd1, 0x40, 0xf5, 0x43, 0x45, 0xb1, 0xe3,
-	0xf1, 0xf0, 0x8c, 0x0e, 0x19, 0x90, 0xa7, 0x50, 0x74, 0x38, 0x67, 0x68, 0x55, 0xd7, 0xf7, 0x22,
-	0xb3, 0x20, 0x18, 0xde, 0x9e, 0xcf, 0xf0, 0x81, 0x46, 0x25, 0x99, 0x8e, 0x31, 0xb2, 0xee, 0x41,
-	0x69, 0x4c, 0x26, 0xa9, 0x40, 0xea, 0x39, 0x3b, 0x93, 0x8e, 0xa1, 0xb8, 0x24, 0x57, 0x60, 0xe5,
-	0x85, 0xd3, 0x1f, 0x30, 0xe1, 0x83, 0x22, 0x95, 0x9b, 0xbb, 0xcb, 0x77, 0x0c, 0xeb, 0x19, 0x5c,
-	0x9a, 0xe2, 0x3f, 0x83, 0xc1, 0x8f, 0x74, 0x06, 0x85, 0xe6, 0x3b, 0x09, 0xb7, 0xd6, 0xd9, 0x69,
-	0x92, 0x36, 0x73, 0x90, 0x09, 0x85, 0x42, 0xf6, 0xef, 0x0c, 0xa8, 0x4c, 0xba, 0x9a, 0xec, 0x2b,
-	0x27, 0x19, 0xc2, 0x2c, 0x1f, 0x5e, 0x20, 0x4a, 0x10, 0xa0, 0x0c, 0x23, 0x58, 0x58, 0x1b, 0x90,
-	0x1f, 0x82, 0xe6, 0x19, 0x23, 0xaf, 0x5d, 0xd1, 0xde, 0x80, 0x14, 0x65, 0x5d, 0x52, 0x86, 0x65,
-	0x57, 0xc5, 0x35, 0x5d, 0x76, 0x3b, 0xa4, 0x0a, 0xa9, 0x0e, 0xeb, 0x2a, 0xd5, 0xcb, 0xf5, 0xe0,
-	0xb8, 0xbe, 0xcd, 0xba, 0xae, 0xe7, 0xa2, 0x8a, 0x14, 0x8f, 0xec, 0x3f, 0x18, 0x98, 0x1f, 0x78,
-	0x2d, 0xf2, 0xd1, 0x98, 0x1e, 0xf3, 0xa3, 0x7d, 0xea, 0xf6, 0x4f, 0x93, 0x6f, 0xff, 0xc1, 0xb8,
-	0x27, 0xe6, 0xa4, 0x80, 0xae, 0xdd, 0x4f, 0xa1, 0xa8, 0xfb, 0x86, 0xec, 0x41, 0x41, 0x8b, 0x23,
-	0x75, 0xe1, 0xb5, 0xc5, 0x3c, 0x4b, 0x75, 0x52, 0xfb, 0xbf, 0x06, 0x14, 0xb4, 0x43, 0x72, 0x1f,
-	0xd2, 0xcf, 0x5d, 0x4f, 0x9a, 0xb0, 0xdc, 0x5c, 0x5f, 0x8c, 0xe5, 0x43, 0xd7, 0xeb, 0x50, 0x41,
-	0x87, 0x5a, 0x87, 0xca, 0xe0, 0x79, 0x99, 0xc2, 0x04, 0xd2, 0x81, 0xc3, 0x9f, 0x89, 0xbc, 0xcf,
-	0x53, 0xb1, 0x26, 0xef, 0xc3, 0x65, 0xd7, 0x7b, 0xe2, 0x73, 0xbf, 0x15, 0xb2, 0x8e, 0x8b, 0xa1,
-	0xf0, 0xe4, 0x2c, 0x60, 0x22, 0xcb, 0xf3, 0x74, 0xd6, 0x11, 0x69, 0x41, 0x59, 0x82, 0x8f, 0x06,
-	0xc7, 0xbf, 0x60, 0x6d, 0x1e, 0x99, 0x2b, 0x42, 0xe9, 0x5a, 0xc2, 0x0d, 0xf7, 0x75, 0x02, 0x3a,
-	0x41, 0x6f, 0xff, 0xd9, 0x80, 0xd2, 0x18, 0x06, 0xf9, 0x78, 0x4c, 0xf7, 0x5b, 0x8b, 0x72, 0xd6,
-	0xb4, 0xff, 0x04, 0x32, 0x1d, 0xb7, 0xc7, 0x22, 0x6e, 0x2e, 0x57, 0x53, 0xb5, 0xfc, 0x66, 0xf3,
-	0xeb, 0x6f, 0xde, 0x5c, 0xfa, 0xd7, 0x37, 0x6f, 0xae, 0x6b, 0x35, 0xdb, 0x0f, 0x98, 0xd7, 0xf6,
-	0x3d, 0xee, 0xb8, 0x1e, 0x0b, 0xb1, 0xf5, 0xbc, 0x27, 0x49, 0xea, 0xdb, 0xe2, 0x87, 0x2a, 0x0e,
-	0x68, 0x37, 0xcf, 0x39, 0x61, 0xb1, 0xdd, 0x70, 0x6d, 0x73, 0x28, 0x51, 0xc6, 0x07, 0xa1, 0x47,
-	0xd9, 0x2f, 0x07, 0x88, 0xf4, 0x83, 0x38, 0x33, 0xc5, 0xa5, 0xe7, 0x55, 0x48, 0x44, 0xa4, 0x8a,
-	0x80, 0xd4, 0x60, 0x85, 0x85, 0xa1, 0x1f, 0xaa, 0x68, 0x24, 0x75, 0xd9, 0x04, 0xeb, 0x61, 0xd0,
-	0xae, 0x1f, 0x89, 0x26, 0x48, 0x25, 0x82, 0x5d, 0x81, 0x72, 0x2c, 0x35, 0x0a, 0x7c, 0x2f, 0x62,
-	0xf6, 0x2a, 0x9a, 0x2e, 0x18, 0xf0, 0x48, 0xdd, 0xc3, 0xfe, 0x9b, 0x01, 0xe5, 0x18, 0x22, 0x71,
-	0xc8, 0x67, 0x50, 0x18, 0xe5, 0x5a, 0x9c, 0x54, 0x77, 0x13, 0x8d, 0xaa, 0xd3, 0x6b, 0x89, 0xaa,
-	0x72, 0x4c, 0x67, 0x67, 0x3d, 0x82, 0xca, 0x24, 0xc2, 0x8c, 0x8c, 0x7b, 0x6b, 0x3c, 0xe3, 0x26,
-	0x0b, 0x80, 0x96, 0x61, 0xff, 0x34, 0xe0, 0x2a, 0x65, 0xa2, 0xab, 0xef, 0x9f, 0x38, 0x3d, 0xb6,
-	0xe5, 0x7b, 0x5d, 0xb7, 0x17, 0x9b, 0xb9, 0x22, 0xaa, 0x4b, 0xcc, 0x19, 0x0b, 0x4d, 0x0d, 0x72,
-	0xad, 0xbe, 0xc3, 0xbb, 0x7e, 0x78, 0xa2, 0x98, 0x17, 0x91, 0x79, 0x0c, 0xa3, 0xc3, 0x53, 0x52,
-	0x85, 0x82, 0x62, 0x7c, 0xe8, 0x77, 0x62, 0x77, 0xea, 0x20, 0x62, 0x42, 0xf6, 0xc0, 0xef, 0x3d,
-	0x42, 0x67, 0xcb, 0x0c, 0x88, 0xb7, 0xc4, 0x86, 0xa2, 0x42, 0x0c, 0x45, 0x82, 0xac, 0x54, 0x8d,
-	0xda, 0x0a, 0x1d, 0x83, 0x91, 0x37, 0x20, 0x7f, 0xc4, 0xa2, 0xc8, 0xf5, 0xbd, 0xfd, 0x6d, 0x33,
-	0x23, 0xe8, 0x47, 0x00, 0xfb, 0x57, 0x06, 0x58, 0xb3, 0xf4, 0x52, 0x4e, 0xfa, 0x04, 0x32, 0x32,
-	0xec, 0xa4, 0x6e, 0xdf, 0x2e, 0x60, 0xe5, 0x2f, 0x79, 0x1d, 0x32, 0x92, 0xbb, 0x6a, 0x55, 0x6a,
-	0x67, 0xff, 0x65, 0x05, 0x8a, 0x47, 0x78, 0x81, 0xd8, 0x9a, 0x75, 0x80, 0x91, 0x13, 0x54, 0xe0,
-	0x4e, 0xba, 0x46, 0xc3, 0x20, 0x16, 0xe4, 0x76, 0x55, 0x90, 0xa8, 0xc2, 0x32, 0xdc, 0x93, 0x4f,
-	0xa1, 0x10, 0xaf, 0x1f, 0x07, 0xdc, 0x4c, 0x89, 0x28, 0xbb, 0x93, 0x10, 0x65, 0xfa, 0x4d, 0xea,
-	0x1a, 0xa9, 0x8a, 0x31, 0x0d, 0x42, 0x6e, 0xc1, 0x25, 0xa7, 0xdf, 0xf7, 0x4f, 0x55, 0xe2, 0x88,
-	0x14, 0x10, 0x2e, 0xc8, 0xd1, 0xe9, 0x03, 0xac, 0x69, 0x1a, 0xf0, 0x41, 0x18, 0x3a, 0x67, 0x18,
-	0x33, 0x19, 0x81, 0x3f, 0xeb, 0x08, 0xbb, 0xd9, 0xae, 0xeb, 0x39, 0x7d, 0x13, 0x04, 0x8e, 0xdc,
-	0xa0, 0xcf, 0x77, 0x5e, 0x06, 0x7e, 0xc8, 0x59, 0xf8, 0x80, 0xf3, 0xd0, 0x2c, 0x08, 0x63, 0x8e,
-	0xc1, 0x48, 0x0b, 0x8a, 0x5b, 0x4e, 0xfb, 0x19, 0xdb, 0x3f, 0x41, 0x60, 0x64, 0x16, 0x85, 0xda,
-	0x49, 0x15, 0x4b, 0xa0, 0x3f, 0x0e, 0xf4, 0x49, 0x44, 0xe7, 0x40, 0xda, 0x50, 0x8e, 0x55, 0x97,
-	0x79, 0x68, 0x96, 0x04, 0xcf, 0x7b, 0x17, 0x35, 0xa5, 0xa4, 0x96, 0x22, 0x26, 0x58, 0xa2, 0x23,
-	0x77, 0x30, 0xe5, 0x1c, 0xce, 0xcc, 0xb2, 0xd0, 0x79, 0xb8, 0xb7, 0xee, 0x43, 0x65, 0xd2, 0x1b,
-	0x17, 0x19, 0x00, 0xac, 0x1f, 0xc3, 0xe5, 0x19, 0x57, 0xf8, 0x4e, 0x35, 0xe1, 0x4f, 0x06, 0x5c,
-	0x9a, 0xb2, 0x1b, 0xd6, 0x65, 0x91, 0x8b, 0x92, 0xa5, 0x58, 0x93, 0x43, 0x58, 0x41, 0xbf, 0x44,
-	0xa2, 0xec, 0x17, 0x9a, 0x1b, 0x17, 0x71, 0x44, 0x5d, 0x50, 0x4a, 0x83, 0x49, 0x2e, 0xd6, 0x1d,
-	0x80, 0x11, 0xf0, 0x42, 0x63, 0xd0, 0x67, 0x50, 0x52, 0x5e, 0x51, 0x09, 0xae, 0xfa, 0xb1, 0x31,
-	0xea, 0xc7, 0xa3, 0x96, 0x91, 0xba, 0x60, 0xcb, 0xb0, 0xbf, 0x80, 0x55, 0xca, 0x9c, 0xce, 0xae,
-	0xdb, 0x67, 0xe7, 0x57, 0x46, 0xcc, 0x56, 0xb7, 0xcf, 0x5a, 0xd8, 0xf3, 0xe3, 0x6c, 0x55, 0x7b,
-	0x72, 0x17, 0x56, 0xa8, 0xe3, 0xf5, 0x98, 0x12, 0xfd, 0x56, 0x82, 0x68, 0x21, 0x04, 0x71, 0xa9,
-	0x24, 0xb1, 0xef, 0x41, 0x7e, 0x08, 0xc3, 0x5a, 0xf3, 0xb8, 0xdb, 0x8d, 0x98, 0xac, 0x5b, 0x29,
-	0xaa, 0x76, 0x08, 0x3f, 0x60, 0x5e, 0x4f, 0x89, 0x4e, 0x51, 0xb5, 0xb3, 0xd7, 0x70, 0x6c, 0x8d,
-	0x6f, 0xae, 0x4c, 0x43, 0x20, 0xbd, 0x8d, 0xcf, 0x03, 0x43, 0x24, 0x98, 0x58, 0xdb, 0x1d, 0x6c,
-	0x75, 0x4e, 0x67, 0xdb, 0x0d, 0xcf, 0x57, 0xd0, 0x84, 0xec, 0xb6, 0x1b, 0x6a, 0xfa, 0xc5, 0x5b,
-	0xb2, 0x86, 0x4d, 0xb0, 0xdd, 0x1f, 0x74, 0x50, 0x5b, 0xce, 0x42, 0x4f, 0x55, 0xfb, 0x09, 0xa8,
-	0xfd, 0x91, 0xb4, 0xa3, 0x90, 0xa2, 0x2e, 0x73, 0x0b, 0xb2, 0xcc, 0xe3, 0xa1, 0xcb, 0xe2, 0x4e,
-	0x49, 0xea, 0xf2, 0x45, 0x57, 0x17, 0x2f, 0x3a, 0xd1, 0x91, 0x69, 0x8c, 0x62, 0x6f, 0xc0, 0x2a,
-	0x02, 0x92, 0x1d, 0x41, 0x20, 0xad, 0x5d, 0x52, 0xac, 0xed, 0xbb, 0x50, 0x19, 0x11, 0x2a, 0xd1,
-	0x6b, 0x90, 0xc6, 0x39, 0x4e, 0x15, 0xe2, 0x59, 0x72, 0xc5, 0xb9, 0x7d, 0x03, 0x56, 0xe3, 0x6c,
-	0x3d, 0x57, 0xa8, 0x4d, 0xa0, 0x32, 0x42, 0x52, 0xd3, 0x42, 0x09, 0x0a, 0x2d, 0xd7, 0x8b, 0x9b,
-	0xa9, 0xfd, 0xca, 0x80, 0x62, 0xcb, 0xf7, 0x46, 0x4d, 0xa8, 0x05, 0xab, 0x71, 0xea, 0x3e, 0x68,
-	0xed, 0x6f, 0x39, 0x41, 0x6c, 0x83, 0xea, 0x74, 0x7c, 0xa8, 0x37, 0x71, 0x5d, 0x22, 0x6e, 0xa6,
-	0xb1, 0x5f, 0xd1, 0x49, 0x72, 0xf2, 0x31, 0x64, 0x0f, 0x0e, 0x36, 0x05, 0xa7, 0xe5, 0x0b, 0x71,
-	0x8a, 0xc9, 0xc8, 0x7d, 0xc8, 0x3e, 0x15, 0x4f, 0xf5, 0x48, 0xf5, 0x94, 0x19, 0xb1, 0x2a, 0x2d,
-	0x24, 0xd1, 0x28, 0x6b, 0xfb, 0x61, 0x87, 0xc6, 0x44, 0xf6, 0x7f, 0x0c, 0x28, 0x3c, 0x75, 0x46,
-	0x83, 0xda, 0x68, 0x32, 0xfc, 0x0e, 0x8d, 0x56, 0x4d, 0x86, 0x57, 0x60, 0xa5, 0xcf, 0x5e, 0xb0,
-	0xbe, 0x8a, 0x71, 0xb9, 0x41, 0x68, 0xf4, 0xcc, 0x0f, 0x65, 0x5a, 0x17, 0xa9, 0xdc, 0x60, 0x42,
-	0x74, 0x18, 0x77, 0xdc, 0xbe, 0x99, 0xae, 0xa6, 0xb0, 0x29, 0xcb, 0x1d, 0x7a, 0x6e, 0x10, 0xf6,
-	0x45, 0x37, 0xcb, 0x53, 0x5c, 0x12, 0x1b, 0xd2, 0xae, 0xd7, 0xf5, 0x45, 0xc3, 0x52, 0x65, 0xf1,
-	0xc8, 0x1f, 0x84, 0x6d, 0xb6, 0xef, 0x75, 0x7d, 0x2a, 0xce, 0xc8, 0x75, 0xc8, 0x84, 0x98, 0x7f,
-	0x91, 0x99, 0x15, 0x46, 0xc9, 0x23, 0x96, 0xcc, 0x52, 0x75, 0x60, 0x97, 0xa1, 0x28, 0xf5, 0x56,
-	0xce, 0xff, 0xed, 0x32, 0x5c, 0x7e, 0xc4, 0x4e, 0xb7, 0x62, 0xbd, 0x62, 0x83, 0x54, 0xa1, 0x30,
-	0x84, 0xed, 0x6f, 0xab, 0x10, 0xd2, 0x41, 0x28, 0xec, 0xd0, 0x1f, 0x78, 0x3c, 0xf6, 0xa1, 0x10,
-	0x26, 0x20, 0x54, 0x1d, 0x90, 0xb7, 0x21, 0xfb, 0x88, 0xf1, 0x53, 0x3f, 0x7c, 0x2e, 0xb4, 0x2e,
-	0x37, 0x0b, 0x88, 0xf3, 0x88, 0x71, 0x9c, 0xab, 0x68, 0x7c, 0x86, 0xc3, 0x5a, 0x10, 0x0f, 0x6b,
-	0xe9, 0x59, 0xc3, 0x5a, 0x7c, 0x4a, 0x36, 0xa0, 0xd0, 0xf6, 0xbd, 0x88, 0x87, 0x8e, 0xeb, 0x89,
-	0x37, 0x06, 0x22, 0xbf, 0x86, 0xc8, 0xd2, 0xb1, 0x5b, 0xa3, 0x43, 0xaa, 0x63, 0x92, 0x75, 0x00,
-	0xf6, 0x92, 0x87, 0xce, 0x9e, 0x1f, 0xf1, 0xc8, 0xcc, 0x88, 0x0b, 0x03, 0xd2, 0x21, 0x60, 0xbf,
-	0x45, 0xb5, 0x53, 0xfb, 0x75, 0xb8, 0x32, 0x6e, 0x11, 0x65, 0xaa, 0x7b, 0xf0, 0x3d, 0xca, 0xfa,
-	0xcc, 0x89, 0xd8, 0xc5, 0xad, 0x65, 0x5b, 0x60, 0x4e, 0x13, 0x2b, 0xc6, 0xff, 0x4b, 0x41, 0x61,
-	0xe7, 0x25, 0x6b, 0x1f, 0xb2, 0x28, 0x72, 0x7a, 0x62, 0x64, 0x6c, 0x85, 0x7e, 0x9b, 0x45, 0xd1,
-	0x90, 0xd7, 0x08, 0x40, 0x7e, 0x08, 0xe9, 0x7d, 0xcf, 0xe5, 0xaa, 0x3f, 0xae, 0x25, 0x4e, 0xec,
-	0x2e, 0x57, 0x3c, 0xf7, 0x96, 0xa8, 0xa0, 0x22, 0x77, 0x21, 0x8d, 0xd5, 0x65, 0x91, 0x0a, 0xdf,
-	0xd1, 0x68, 0x91, 0x86, 0x6c, 0x8a, 0x4f, 0x55, 0xee, 0xe7, 0x4c, 0x79, 0xa9, 0x96, 0xdc, 0x9a,
-	0xdc, 0xcf, 0xd9, 0x88, 0x83, 0xa2, 0x24, 0x3b, 0x90, 0x3d, 0xe2, 0x4e, 0xc8, 0x59, 0x47, 0x79,
-	0xef, 0x66, 0xd2, 0x04, 0x23, 0x31, 0x47, 0x5c, 0x62, 0x5a, 0x34, 0xc2, 0xce, 0x4b, 0x97, 0xab,
-	0x6c, 0x48, 0x32, 0x02, 0xa2, 0x69, 0x8a, 0xe0, 0x16, 0xa9, 0xb7, 0x7d, 0x8f, 0x99, 0xd9, 0xb9,
-	0xd4, 0x88, 0xa6, 0x51, 0xe3, 0x16, 0xcd, 0x70, 0xe4, 0xf6, 0x70, 0x30, 0xcc, 0xcd, 0x35, 0x83,
-	0x44, 0xd4, 0xcc, 0x20, 0x01, 0x9b, 0x59, 0x58, 0x11, 0x63, 0x90, 0xfd, 0x7b, 0x03, 0x0a, 0x9a,
-	0x9f, 0x16, 0xc8, 0xbb, 0x37, 0x20, 0x7d, 0xc8, 0xb8, 0xa3, 0xfc, 0x9f, 0x13, 0x59, 0xc7, 0xb8,
-	0x43, 0x05, 0x14, 0x0b, 0xc7, 0x6e, 0x47, 0x16, 0xc5, 0x12, 0xc5, 0x25, 0x42, 0x9e, 0xf0, 0x33,
-	0xe1, 0xb2, 0x1c, 0xc5, 0x25, 0xb9, 0x05, 0xb9, 0x23, 0xd6, 0x1e, 0x84, 0x2e, 0x3f, 0x13, 0x4e,
-	0x28, 0x37, 0x2b, 0xa2, 0x9c, 0x28, 0x98, 0x48, 0xce, 0x21, 0x86, 0xfd, 0x10, 0x83, 0x73, 0x74,
-	0x41, 0x02, 0xe9, 0x2d, 0x7c, 0x28, 0xe1, 0xcd, 0x4a, 0x54, 0xac, 0xf1, 0xad, 0xba, 0x33, 0xef,
-	0xad, 0xba, 0x13, 0xbf, 0x55, 0xc7, 0x9d, 0x8a, 0xdd, 0x47, 0x33, 0xb2, 0xfd, 0x00, 0xf2, 0xc3,
-	0xc0, 0x23, 0x65, 0x58, 0xde, 0xed, 0x28, 0x49, 0xcb, 0xbb, 0xe2, 0xeb, 0xc5, 0xce, 0xe3, 0x5d,
-	0x21, 0x25, 0x47, 0x71, 0x39, 0x1c, 0x12, 0x52, 0xda, 0x90, 0xb0, 0x81, 0xaf, 0x70, 0x2d, 0xfa,
-	0x10, 0x89, 0xfa, 0xa7, 0x51, 0x7c, 0x65, 0x5c, 0x4b, 0x35, 0xfa, 0x91, 0xe0, 0x25, 0xd4, 0xe8,
-	0x47, 0xf6, 0x0d, 0x28, 0x8d, 0xf9, 0x0b, 0x91, 0xc4, 0xb3, 0x4f, 0xcd, 0x92, 0xb8, 0x5e, 0xbf,
-	0x0f, 0xab, 0x13, 0x9f, 0x56, 0xc8, 0xdb, 0x90, 0x91, 0x5f, 0x1c, 0x2a, 0x4b, 0xd6, 0xd5, 0x2f,
-	0xbf, 0xaa, 0xbe, 0x36, 0x81, 0x20, 0x0f, 0xad, 0xf4, 0x6f, 0xfe, 0x78, 0x6d, 0x69, 0xdd, 0x81,
-	0x4b, 0x53, 0x9f, 0x27, 0xc8, 0x0d, 0x48, 0x1f, 0xb1, 0x7e, 0x37, 0xa6, 0x9f, 0x42, 0xc0, 0x43,
-	0x72, 0x1d, 0x52, 0xd4, 0x39, 0xad, 0x18, 0x96, 0xf9, 0xe5, 0x57, 0xd5, 0x2b, 0xd3, 0xdf, 0x38,
-	0x9c, 0x53, 0x29, 0xa2, 0xf9, 0x57, 0x80, 0xfc, 0xc1, 0xc1, 0xe6, 0x66, 0xe8, 0x76, 0x7a, 0x8c,
-	0xfc, 0xda, 0x00, 0x32, 0xfd, 0xc4, 0x24, 0x1f, 0x24, 0x27, 0xef, 0xec, 0x97, 0xb6, 0xf5, 0xe1,
-	0x05, 0xa9, 0xd4, 0x08, 0xf1, 0x29, 0xac, 0x88, 0xb9, 0x97, 0xbc, 0xb3, 0xe0, 0x7b, 0xc5, 0xaa,
-	0xcd, 0x47, 0x54, 0xbc, 0xdb, 0x90, 0x8b, 0x67, 0x47, 0xb2, 0x9e, 0x78, 0xbd, 0xb1, 0xd1, 0xd8,
-	0x7a, 0x77, 0x21, 0x5c, 0x25, 0xe4, 0xe7, 0x90, 0x55, 0x23, 0x21, 0xb9, 0x39, 0x87, 0x6e, 0x34,
-	0x9c, 0x5a, 0xeb, 0x8b, 0xa0, 0x8e, 0xd4, 0x88, 0x47, 0xbf, 0x44, 0x35, 0x26, 0x06, 0xcb, 0x44,
-	0x35, 0xa6, 0x66, 0xc9, 0xf6, 0xe8, 0x85, 0x97, 0x28, 0x64, 0x62, 0x90, 0x4c, 0x14, 0x32, 0x39,
-	0x4f, 0x92, 0xa7, 0x90, 0xc6, 0x79, 0x92, 0x24, 0xd5, 0x55, 0x6d, 0xe0, 0xb4, 0x92, 0x62, 0x62,
-	0x6c, 0x10, 0xfd, 0x19, 0xf6, 0x1f, 0xf1, 0x98, 0x4f, 0xee, 0x3c, 0xda, 0x17, 0x38, 0xeb, 0xe6,
-	0x02, 0x98, 0x23, 0xf6, 0xea, 0x21, 0x5c, 0x5b, 0xe0, 0x33, 0xd8, 0x7c, 0xf6, 0x13, 0x1f, 0xdc,
-	0x7c, 0x28, 0xea, 0x63, 0x05, 0xa9, 0x27, 0x90, 0xce, 0x98, 0xc8, 0xac, 0xc6, 0xc2, 0xf8, 0x4a,
-	0xe0, 0x17, 0xf8, 0xa8, 0x1a, 0x1f, 0x39, 0x48, 0x33, 0xd1, 0x1c, 0x33, 0x87, 0x1b, 0xeb, 0xf6,
-	0x85, 0x68, 0x94, 0x70, 0x47, 0x8e, 0x34, 0x6a, 0x6c, 0x21, 0xc9, 0x1d, 0x7a, 0x38, 0xfa, 0x58,
-	0x0b, 0xe2, 0xd5, 0x8c, 0xf7, 0x0d, 0x8c, 0x33, 0x1c, 0x65, 0x13, 0x79, 0x6b, 0x33, 0x7e, 0x62,
-	0x9c, 0xe9, 0x33, 0xf1, 0x66, 0xf1, 0xeb, 0x57, 0xd7, 0x8c, 0x7f, 0xbc, 0xba, 0x66, 0xfc, 0xfb,
-	0xd5, 0x35, 0xe3, 0x38, 0x23, 0xfe, 0xa8, 0xbb, 0xfd, 0xff, 0x00, 0x00, 0x00, 0xff, 0xff, 0xab,
-	0x58, 0x65, 0x65, 0xfa, 0x1c, 0x00, 0x00,
+	// 2387 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x19, 0x4d, 0x6f, 0x1b, 0xc7,
+	0x55, 0x2b, 0x52, 0x1f, 0x7c, 0xa4, 0x28, 0x7a, 0xec, 0xa4, 0xeb, 0x45, 0xe0, 0xd0, 0xeb, 0x44,
+	0xa1, 0x15, 0x87, 0x4c, 0xe9, 0x04, 0x72, 0xed, 0xd6, 0x89, 0xf5, 0x05, 0x29, 0x96, 0x6c, 0x76,
+	0xe4, 0xc2, 0x45, 0x90, 0x02, 0x5d, 0x71, 0x87, 0xf4, 0xd6, 0xab, 0xdd, 0xed, 0xee, 0xd0, 0xb2,
+	0x92, 0x4b, 0x7b, 0x2b, 0x72, 0xea, 0xa9, 0xb7, 0xa0, 0x40, 0xfb, 0x07, 0xda, 0x4b, 0x6f, 0xed,
+	0x39, 0x40, 0x2f, 0xbd, 0xf4, 0xd2, 0x43, 0x50, 0xf8, 0x47, 0xb4, 0xe8, 0xad, 0x78, 0x33, 0xb3,
+	0xe4, 0xf0, 0x43, 0x4b, 0x2a, 0x39, 0x71, 0xe6, 0xcd, 0xfb, 0x98, 0xf7, 0xfd, 0x66, 0x09, 0x2b,
+	0x5d, 0x87, 0xb3, 0x53, 0xe7, 0xac, 0x1e, 0xc5, 0x21, 0x0f, 0xc9, 0xd5, 0x93, 0xf0, 0xf8, 0xac,
+	0x7e, 0xdc, 0xf3, 0x7c, 0xf7, 0xb9, 0xc7, 0xeb, 0x2f, 0xbe, 0x5f, 0xef, 0xc4, 0x61, 0xc0, 0x59,
+	0xe0, 0x5a, 0xef, 0x75, 0x3d, 0xfe, 0xac, 0x77, 0x5c, 0x6f, 0x87, 0x27, 0x8d, 0x6e, 0xd8, 0x0d,
+	0x1b, 0x82, 0xe2, 0xb8, 0xd7, 0x11, 0x3b, 0xb1, 0x11, 0x2b, 0xc9, 0xc9, 0x6a, 0x8e, 0xa2, 0x77,
+	0xc3, 0xb0, 0xeb, 0x33, 0x27, 0xf2, 0x12, 0xb5, 0x6c, 0xc4, 0x51, 0xbb, 0x91, 0x70, 0x87, 0xf7,
+	0x12, 0x45, 0x73, 0x4b, 0xa3, 0xc1, 0x8b, 0x34, 0xd2, 0x8b, 0x34, 0x92, 0xd0, 0x7f, 0xc1, 0xe2,
+	0x46, 0x74, 0xdc, 0x08, 0xa3, 0x14, 0xbb, 0x71, 0x2e, 0xb6, 0x13, 0x79, 0x0d, 0x7e, 0x16, 0xb1,
+	0xa4, 0x71, 0x1a, 0xc6, 0xcf, 0x59, 0xac, 0x08, 0x6e, 0x9f, 0x4b, 0xd0, 0xe3, 0x9e, 0x8f, 0x54,
+	0x6d, 0x27, 0x4a, 0x50, 0x08, 0xfe, 0x2a, 0x22, 0x5d, 0x6d, 0x1e, 0x06, 0x5e, 0xc2, 0x3d, 0xaf,
+	0xeb, 0x35, 0x3a, 0x89, 0xa0, 0x91, 0x52, 0x50, 0x09, 0x89, 0x6e, 0xff, 0x3d, 0x0f, 0x8b, 0x94,
+	0x25, 0x3d, 0x9f, 0x93, 0x35, 0x58, 0x89, 0x59, 0x67, 0x9b, 0x45, 0x31, 0x6b, 0x3b, 0x9c, 0xb9,
+	0xa6, 0x51, 0x35, 0x6a, 0x85, 0xbd, 0x39, 0x3a, 0x0c, 0x26, 0x3f, 0x81, 0x72, 0xcc, 0x3a, 0x89,
+	0x86, 0x38, 0x5f, 0x35, 0x6a, 0xc5, 0xe6, 0xbb, 0xf5, 0x73, 0x9d, 0x51, 0xa7, 0xac, 0x73, 0xe8,
+	0x44, 0x03, 0x92, 0xbd, 0x39, 0x3a, 0xc2, 0x84, 0x34, 0x21, 0x17, 0xb3, 0x8e, 0x99, 0x13, 0xbc,
+	0xae, 0x65, 0xf3, 0xda, 0x9b, 0xa3, 0x88, 0x4c, 0x36, 0x20, 0x8f, 0x5c, 0xcc, 0xbc, 0x20, 0xba,
+	0x3e, 0xf5, 0x02, 0x7b, 0x73, 0x54, 0x10, 0x90, 0x87, 0xb0, 0x7c, 0xc2, 0xb8, 0xe3, 0x3a, 0xdc,
+	0x31, 0xa1, 0x9a, 0xab, 0x15, 0x9b, 0x8d, 0x4c, 0x62, 0x34, 0x50, 0xfd, 0x50, 0x51, 0xec, 0x04,
+	0x3c, 0x3e, 0xa3, 0x7d, 0x06, 0xe4, 0x29, 0x94, 0x1c, 0xce, 0x19, 0x5a, 0xd5, 0x0b, 0x83, 0xc4,
+	0x2c, 0x0a, 0x86, 0xb7, 0xa7, 0x33, 0x7c, 0xa0, 0x51, 0x49, 0xa6, 0x43, 0x8c, 0xac, 0x7b, 0xb0,
+	0x32, 0x24, 0x93, 0x54, 0x20, 0xf7, 0x9c, 0x9d, 0x49, 0xc7, 0x50, 0x5c, 0x92, 0x2b, 0xb0, 0xf0,
+	0xc2, 0xf1, 0x7b, 0x4c, 0xf8, 0xa0, 0x44, 0xe5, 0xe6, 0xee, 0xfc, 0x1d, 0xc3, 0x7a, 0x06, 0x97,
+	0xc6, 0xf8, 0x4f, 0x60, 0xf0, 0x23, 0x9d, 0x41, 0xb1, 0xf9, 0x4e, 0xc6, 0xad, 0x75, 0x76, 0x9a,
+	0xa4, 0xcd, 0x65, 0x58, 0x8c, 0x85, 0x42, 0xf6, 0xef, 0x0c, 0xa8, 0x8c, 0xba, 0x9a, 0xec, 0x2b,
+	0x27, 0x19, 0xc2, 0x2c, 0x1f, 0x5e, 0x20, 0x4a, 0x10, 0xa0, 0x0c, 0x23, 0x58, 0x58, 0x1b, 0x50,
+	0xe8, 0x83, 0xa6, 0x19, 0xa3, 0xa0, 0x5d, 0xd1, 0xde, 0x80, 0x1c, 0x65, 0x1d, 0x52, 0x86, 0x79,
+	0x4f, 0xc5, 0x35, 0x9d, 0xf7, 0x5c, 0x52, 0x85, 0x9c, 0xcb, 0x3a, 0x4a, 0xf5, 0x72, 0x3d, 0x3a,
+	0xae, 0x6f, 0xb3, 0x8e, 0x17, 0x78, 0xa8, 0x22, 0xc5, 0x23, 0xfb, 0x0f, 0x06, 0xe6, 0x07, 0x5e,
+	0x8b, 0x7c, 0x34, 0xa4, 0xc7, 0xf4, 0x68, 0x1f, 0xbb, 0xfd, 0xd3, 0xec, 0xdb, 0x7f, 0x30, 0xec,
+	0x89, 0x29, 0x29, 0xa0, 0x6b, 0xf7, 0x53, 0x28, 0xe9, 0xbe, 0x21, 0x7b, 0x50, 0xd4, 0xe2, 0x48,
+	0x5d, 0x78, 0x6d, 0x36, 0xcf, 0x52, 0x9d, 0xd4, 0xfe, 0xaf, 0x01, 0x45, 0xed, 0x90, 0xdc, 0x87,
+	0xfc, 0x73, 0x2f, 0x90, 0x26, 0x2c, 0x37, 0xd7, 0x67, 0x63, 0xf9, 0xd0, 0x0b, 0x5c, 0x2a, 0xe8,
+	0x50, 0xeb, 0x58, 0x19, 0xbc, 0x20, 0x53, 0x98, 0x40, 0x3e, 0x72, 0xf8, 0x33, 0x91, 0xf7, 0x05,
+	0x2a, 0xd6, 0xe4, 0x7d, 0xb8, 0xec, 0x05, 0x4f, 0x42, 0x1e, 0xb6, 0x62, 0xe6, 0x7a, 0x18, 0x0a,
+	0x4f, 0xce, 0x22, 0x26, 0xb2, 0xbc, 0x40, 0x27, 0x1d, 0x91, 0x16, 0x94, 0x25, 0xf8, 0xa8, 0x77,
+	0xfc, 0x0b, 0xd6, 0xe6, 0x89, 0xb9, 0x20, 0x94, 0xae, 0x65, 0xdc, 0x70, 0x5f, 0x27, 0xa0, 0x23,
+	0xf4, 0xf6, 0x9f, 0x0d, 0x58, 0x19, 0xc2, 0x20, 0x1f, 0x0f, 0xe9, 0x7e, 0x6b, 0x56, 0xce, 0x9a,
+	0xf6, 0x9f, 0xc0, 0xa2, 0xeb, 0x75, 0x59, 0xc2, 0xcd, 0xf9, 0x6a, 0xae, 0x56, 0xd8, 0x6c, 0x7e,
+	0xfd, 0xcd, 0x9b, 0x73, 0xff, 0xfa, 0xe6, 0xcd, 0x75, 0xad, 0x66, 0x87, 0x11, 0x0b, 0xda, 0x61,
+	0xc0, 0x1d, 0x2f, 0x60, 0x31, 0xb6, 0x9e, 0xf7, 0x24, 0x49, 0x7d, 0x5b, 0xfc, 0x50, 0xc5, 0x01,
+	0xed, 0x16, 0x38, 0x27, 0x2c, 0xb5, 0x1b, 0xae, 0x6d, 0x0e, 0x2b, 0x94, 0xf1, 0x5e, 0x1c, 0x50,
+	0xf6, 0xcb, 0x1e, 0x22, 0xfd, 0x20, 0xcd, 0x4c, 0x71, 0xe9, 0x69, 0x15, 0x12, 0x11, 0xa9, 0x22,
+	0x20, 0x35, 0x58, 0x60, 0x71, 0x1c, 0xc6, 0x2a, 0x1a, 0x49, 0x5d, 0x36, 0xc1, 0x7a, 0x1c, 0xb5,
+	0xeb, 0x47, 0xa2, 0x09, 0x52, 0x89, 0x60, 0x57, 0xa0, 0x9c, 0x4a, 0x4d, 0xa2, 0x30, 0x48, 0x98,
+	0xbd, 0x8a, 0xa6, 0x8b, 0x7a, 0x3c, 0x51, 0xf7, 0xb0, 0xff, 0x66, 0x40, 0x39, 0x85, 0x48, 0x1c,
+	0xf2, 0x19, 0x14, 0x07, 0xb9, 0x96, 0x26, 0xd5, 0xdd, 0x4c, 0xa3, 0xea, 0xf4, 0x5a, 0xa2, 0xaa,
+	0x1c, 0xd3, 0xd9, 0x59, 0x8f, 0xa0, 0x32, 0x8a, 0x30, 0x21, 0xe3, 0xde, 0x1a, 0xce, 0xb8, 0xd1,
+	0x02, 0xa0, 0x65, 0xd8, 0x3f, 0x0d, 0xb8, 0x4a, 0x99, 0xe8, 0xea, 0xfb, 0x27, 0x4e, 0x97, 0x6d,
+	0x85, 0x41, 0xc7, 0xeb, 0xa6, 0x66, 0xae, 0x88, 0xea, 0x92, 0x72, 0xc6, 0x42, 0x53, 0x83, 0xe5,
+	0x96, 0xef, 0xf0, 0x4e, 0x18, 0x9f, 0x28, 0xe6, 0x25, 0x64, 0x9e, 0xc2, 0x68, 0xff, 0x94, 0x54,
+	0xa1, 0xa8, 0x18, 0x1f, 0x86, 0x6e, 0xea, 0x4e, 0x1d, 0x44, 0x4c, 0x58, 0x3a, 0x08, 0xbb, 0x8f,
+	0xd0, 0xd9, 0x32, 0x03, 0xd2, 0x2d, 0xb1, 0xa1, 0xa4, 0x10, 0x63, 0x91, 0x20, 0x0b, 0x55, 0xa3,
+	0xb6, 0x40, 0x87, 0x60, 0xe4, 0x0d, 0x28, 0x1c, 0xb1, 0x24, 0xf1, 0xc2, 0x60, 0x7f, 0xdb, 0x5c,
+	0x14, 0xf4, 0x03, 0x80, 0xfd, 0x2b, 0x03, 0xac, 0x49, 0x7a, 0x29, 0x27, 0x7d, 0x02, 0x8b, 0x32,
+	0xec, 0xa4, 0x6e, 0xdf, 0x2e, 0x60, 0xe5, 0x2f, 0x79, 0x1d, 0x16, 0x25, 0x77, 0xd5, 0xaa, 0xd4,
+	0xce, 0xfe, 0xcb, 0x02, 0x94, 0x8e, 0xf0, 0x02, 0xa9, 0x35, 0xeb, 0x00, 0x03, 0x27, 0xa8, 0xc0,
+	0x1d, 0x75, 0x8d, 0x86, 0x41, 0x2c, 0x58, 0xde, 0x55, 0x41, 0xa2, 0x0a, 0x4b, 0x7f, 0x4f, 0x3e,
+	0x85, 0x62, 0xba, 0x7e, 0x1c, 0x71, 0x33, 0x27, 0xa2, 0xec, 0x4e, 0x46, 0x94, 0xe9, 0x37, 0xa9,
+	0x6b, 0xa4, 0x2a, 0xc6, 0x34, 0x08, 0xb9, 0x05, 0x97, 0x1c, 0xdf, 0x0f, 0x4f, 0x55, 0xe2, 0x88,
+	0x14, 0x10, 0x2e, 0x58, 0xa6, 0xe3, 0x07, 0x58, 0xd3, 0x34, 0xe0, 0x83, 0x38, 0x76, 0xce, 0x30,
+	0x66, 0x16, 0x05, 0xfe, 0xa4, 0x23, 0xec, 0x66, 0xbb, 0x5e, 0xe0, 0xf8, 0x26, 0x08, 0x1c, 0xb9,
+	0x41, 0x9f, 0xef, 0xbc, 0x8c, 0xc2, 0x98, 0xb3, 0xf8, 0x01, 0xe7, 0xb1, 0x59, 0x14, 0xc6, 0x1c,
+	0x82, 0x91, 0x16, 0x94, 0xb6, 0x9c, 0xf6, 0x33, 0xb6, 0x7f, 0x82, 0xc0, 0xc4, 0x2c, 0x09, 0xb5,
+	0xb3, 0x2a, 0x96, 0x40, 0x7f, 0x1c, 0xe9, 0x93, 0x88, 0xce, 0x81, 0xb4, 0xa1, 0x9c, 0xaa, 0x2e,
+	0xf3, 0xd0, 0x5c, 0x11, 0x3c, 0xef, 0x5d, 0xd4, 0x94, 0x92, 0x5a, 0x8a, 0x18, 0x61, 0x89, 0x8e,
+	0xdc, 0xc1, 0x94, 0x73, 0x38, 0x33, 0xcb, 0x42, 0xe7, 0xfe, 0xde, 0xba, 0x0f, 0x95, 0x51, 0x6f,
+	0x5c, 0x64, 0x00, 0xb0, 0x7e, 0x0c, 0x97, 0x27, 0x5c, 0xe1, 0x3b, 0xd5, 0x84, 0x3f, 0x19, 0x70,
+	0x69, 0xcc, 0x6e, 0x58, 0x97, 0x45, 0x2e, 0x4a, 0x96, 0x62, 0x4d, 0x0e, 0x61, 0x01, 0xfd, 0x92,
+	0x88, 0xb2, 0x5f, 0x6c, 0x6e, 0x5c, 0xc4, 0x11, 0x75, 0x41, 0x29, 0x0d, 0x26, 0xb9, 0x58, 0x77,
+	0x00, 0x06, 0xc0, 0x0b, 0x8d, 0x41, 0x9f, 0xc1, 0x8a, 0xf2, 0x8a, 0x4a, 0x70, 0xd5, 0x8f, 0x8d,
+	0x41, 0x3f, 0x1e, 0xb4, 0x8c, 0xdc, 0x05, 0x5b, 0x86, 0xfd, 0x05, 0xac, 0x52, 0xe6, 0xb8, 0xbb,
+	0x9e, 0xcf, 0xce, 0xaf, 0x8c, 0x98, 0xad, 0x9e, 0xcf, 0x5a, 0xd8, 0xf3, 0xd3, 0x6c, 0x55, 0x7b,
+	0x72, 0x17, 0x16, 0xa8, 0x13, 0x74, 0x99, 0x12, 0xfd, 0x56, 0x86, 0x68, 0x21, 0x04, 0x71, 0xa9,
+	0x24, 0xb1, 0xef, 0x41, 0xa1, 0x0f, 0xc3, 0x5a, 0xf3, 0xb8, 0xd3, 0x49, 0x98, 0xac, 0x5b, 0x39,
+	0xaa, 0x76, 0x08, 0x3f, 0x60, 0x41, 0x57, 0x89, 0xce, 0x51, 0xb5, 0xb3, 0xd7, 0x70, 0x6c, 0x4d,
+	0x6f, 0xae, 0x4c, 0x43, 0x20, 0xbf, 0x8d, 0xcf, 0x03, 0x43, 0x24, 0x98, 0x58, 0xdb, 0x2e, 0xb6,
+	0x3a, 0xc7, 0xdd, 0xf6, 0xe2, 0xf3, 0x15, 0x34, 0x61, 0x69, 0xdb, 0x8b, 0x35, 0xfd, 0xd2, 0x2d,
+	0x59, 0xc3, 0x26, 0xd8, 0xf6, 0x7b, 0x2e, 0x6a, 0xcb, 0x59, 0x1c, 0xa8, 0x6a, 0x3f, 0x02, 0xb5,
+	0x3f, 0x92, 0x76, 0x14, 0x52, 0xd4, 0x65, 0x6e, 0xc1, 0x12, 0x0b, 0x78, 0xec, 0xb1, 0xb4, 0x53,
+	0x92, 0xba, 0x7c, 0xd1, 0xd5, 0xc5, 0x8b, 0x4e, 0x74, 0x64, 0x9a, 0xa2, 0xd8, 0x1b, 0xb0, 0x8a,
+	0x80, 0x6c, 0x47, 0x10, 0xc8, 0x6b, 0x97, 0x14, 0x6b, 0xfb, 0x2e, 0x54, 0x06, 0x84, 0x4a, 0xf4,
+	0x1a, 0xe4, 0x71, 0x8e, 0x53, 0x85, 0x78, 0x92, 0x5c, 0x71, 0x6e, 0xdf, 0x80, 0xd5, 0x34, 0x5b,
+	0xcf, 0x15, 0x6a, 0x13, 0xa8, 0x0c, 0x90, 0xd4, 0xb4, 0xb0, 0x02, 0xc5, 0x96, 0x17, 0xa4, 0xcd,
+	0xd4, 0x7e, 0x65, 0x40, 0xa9, 0x15, 0x06, 0x83, 0x26, 0xd4, 0x82, 0xd5, 0x34, 0x75, 0x1f, 0xb4,
+	0xf6, 0xb7, 0x9c, 0x28, 0xb5, 0x41, 0x75, 0x3c, 0x3e, 0xd4, 0x9b, 0xb8, 0x2e, 0x11, 0x37, 0xf3,
+	0xd8, 0xaf, 0xe8, 0x28, 0x39, 0xf9, 0x18, 0x96, 0x0e, 0x0e, 0x36, 0x05, 0xa7, 0xf9, 0x0b, 0x71,
+	0x4a, 0xc9, 0xc8, 0x7d, 0x58, 0x7a, 0x2a, 0x9e, 0xea, 0x89, 0xea, 0x29, 0x13, 0x62, 0x55, 0x5a,
+	0x48, 0xa2, 0x51, 0xd6, 0x0e, 0x63, 0x97, 0xa6, 0x44, 0xf6, 0x7f, 0x0c, 0x28, 0x3e, 0x75, 0x06,
+	0x83, 0xda, 0x60, 0x32, 0xfc, 0x0e, 0x8d, 0x56, 0x4d, 0x86, 0x57, 0x60, 0xc1, 0x67, 0x2f, 0x98,
+	0xaf, 0x62, 0x5c, 0x6e, 0x10, 0x9a, 0x3c, 0x0b, 0x63, 0x99, 0xd6, 0x25, 0x2a, 0x37, 0x98, 0x10,
+	0x2e, 0xe3, 0x8e, 0xe7, 0x9b, 0xf9, 0x6a, 0x0e, 0x9b, 0xb2, 0xdc, 0xa1, 0xe7, 0x7a, 0xb1, 0x2f,
+	0xba, 0x59, 0x81, 0xe2, 0x92, 0xd8, 0x90, 0xf7, 0x82, 0x4e, 0x28, 0x1a, 0x96, 0x2a, 0x8b, 0x47,
+	0x61, 0x2f, 0x6e, 0xb3, 0xfd, 0xa0, 0x13, 0x52, 0x71, 0x46, 0xae, 0xc3, 0x62, 0x8c, 0xf9, 0x97,
+	0x98, 0x4b, 0xc2, 0x28, 0x05, 0xc4, 0x92, 0x59, 0xaa, 0x0e, 0xec, 0x32, 0x94, 0xa4, 0xde, 0xca,
+	0xf9, 0xbf, 0x9d, 0x87, 0xcb, 0x8f, 0xd8, 0xe9, 0x56, 0xaa, 0x57, 0x6a, 0x90, 0x2a, 0x14, 0xfb,
+	0xb0, 0xfd, 0x6d, 0x15, 0x42, 0x3a, 0x08, 0x85, 0x1d, 0x86, 0xbd, 0x80, 0xa7, 0x3e, 0x14, 0xc2,
+	0x04, 0x84, 0xaa, 0x03, 0xf2, 0x36, 0x2c, 0x3d, 0x62, 0xfc, 0x34, 0x8c, 0x9f, 0x0b, 0xad, 0xcb,
+	0xcd, 0x22, 0xe2, 0x3c, 0x62, 0x1c, 0xe7, 0x2a, 0x9a, 0x9e, 0xe1, 0xb0, 0x16, 0xa5, 0xc3, 0x5a,
+	0x7e, 0xd2, 0xb0, 0x96, 0x9e, 0x92, 0x0d, 0x28, 0xb6, 0xc3, 0x20, 0xe1, 0xb1, 0xe3, 0x05, 0xe2,
+	0x8d, 0x81, 0xc8, 0xaf, 0x21, 0xb2, 0x74, 0xec, 0xd6, 0xe0, 0x90, 0xea, 0x98, 0x64, 0x1d, 0x80,
+	0xbd, 0xe4, 0xb1, 0xb3, 0x17, 0x26, 0x3c, 0x31, 0x17, 0xc5, 0x85, 0x01, 0xe9, 0x10, 0xb0, 0xdf,
+	0xa2, 0xda, 0xa9, 0xfd, 0x3a, 0x5c, 0x19, 0xb6, 0x88, 0x32, 0xd5, 0x3d, 0xf8, 0x1e, 0x65, 0x3e,
+	0x73, 0x12, 0x76, 0x71, 0x6b, 0xd9, 0x16, 0x98, 0xe3, 0xc4, 0x8a, 0xf1, 0xff, 0x72, 0x50, 0xdc,
+	0x79, 0xc9, 0xda, 0x87, 0x2c, 0x49, 0x9c, 0xae, 0x18, 0x19, 0x5b, 0x71, 0xd8, 0x66, 0x49, 0xd2,
+	0xe7, 0x35, 0x00, 0x90, 0x1f, 0x42, 0x7e, 0x3f, 0xf0, 0xb8, 0xea, 0x8f, 0x6b, 0x99, 0x13, 0xbb,
+	0xc7, 0x15, 0xcf, 0xbd, 0x39, 0x2a, 0xa8, 0xc8, 0x5d, 0xc8, 0x63, 0x75, 0x99, 0xa5, 0xc2, 0xbb,
+	0x1a, 0x2d, 0xd2, 0x90, 0x4d, 0xf1, 0xa9, 0xca, 0xfb, 0x9c, 0x29, 0x2f, 0xd5, 0xb2, 0x5b, 0x93,
+	0xf7, 0x39, 0x1b, 0x70, 0x50, 0x94, 0x64, 0x07, 0x96, 0x8e, 0xb8, 0x13, 0x73, 0xe6, 0x2a, 0xef,
+	0xdd, 0xcc, 0x9a, 0x60, 0x24, 0xe6, 0x80, 0x4b, 0x4a, 0x8b, 0x46, 0xd8, 0x79, 0xe9, 0x71, 0x95,
+	0x0d, 0x59, 0x46, 0x40, 0x34, 0x4d, 0x11, 0xdc, 0x22, 0xf5, 0x76, 0x18, 0x30, 0x73, 0x69, 0x2a,
+	0x35, 0xa2, 0x69, 0xd4, 0xb8, 0x45, 0x33, 0x1c, 0x79, 0x5d, 0x1c, 0x0c, 0x97, 0xa7, 0x9a, 0x41,
+	0x22, 0x6a, 0x66, 0x90, 0x80, 0xcd, 0x25, 0x58, 0x10, 0x63, 0x90, 0xfd, 0x7b, 0x03, 0x8a, 0x9a,
+	0x9f, 0x66, 0xc8, 0xbb, 0x37, 0x20, 0x7f, 0xc8, 0xb8, 0xa3, 0xfc, 0xbf, 0x2c, 0xb2, 0x8e, 0x71,
+	0x87, 0x0a, 0x28, 0x16, 0x8e, 0x5d, 0x57, 0x16, 0xc5, 0x15, 0x8a, 0x4b, 0x84, 0x3c, 0xe1, 0x67,
+	0xc2, 0x65, 0xcb, 0x14, 0x97, 0xe4, 0x16, 0x2c, 0x1f, 0xb1, 0x76, 0x2f, 0xf6, 0xf8, 0x99, 0x70,
+	0x42, 0xb9, 0x59, 0x11, 0xe5, 0x44, 0xc1, 0x44, 0x72, 0xf6, 0x31, 0xec, 0x87, 0x18, 0x9c, 0x83,
+	0x0b, 0x12, 0xc8, 0x6f, 0xe1, 0x43, 0x09, 0x6f, 0xb6, 0x42, 0xc5, 0x1a, 0xdf, 0xaa, 0x3b, 0xd3,
+	0xde, 0xaa, 0x3b, 0xe9, 0x5b, 0x75, 0xd8, 0xa9, 0xd8, 0x7d, 0x34, 0x23, 0xdb, 0x0f, 0xa0, 0xd0,
+	0x0f, 0x3c, 0x52, 0x86, 0xf9, 0x5d, 0x57, 0x49, 0x9a, 0xdf, 0x15, 0x5f, 0x2f, 0x76, 0x1e, 0xef,
+	0x0a, 0x29, 0xcb, 0x14, 0x97, 0xfd, 0x21, 0x21, 0xa7, 0x0d, 0x09, 0x1b, 0xf8, 0x0a, 0xd7, 0xa2,
+	0x0f, 0x91, 0x68, 0x78, 0x9a, 0xa4, 0x57, 0xc6, 0xb5, 0x54, 0xc3, 0x4f, 0x04, 0x2f, 0xa1, 0x86,
+	0x9f, 0xd8, 0x37, 0x60, 0x65, 0xc8, 0x5f, 0x88, 0x24, 0x9e, 0x7d, 0x6a, 0x96, 0xc4, 0xf5, 0x3a,
+	0x83, 0xd5, 0x91, 0x4f, 0x2b, 0xe4, 0x6d, 0x58, 0x94, 0x5f, 0x1c, 0x2a, 0x73, 0xd6, 0xd5, 0x2f,
+	0xbf, 0xaa, 0xbe, 0x36, 0x82, 0x20, 0x0f, 0x11, 0x6d, 0xb3, 0x17, 0xb8, 0x3e, 0xab, 0x18, 0x13,
+	0xd1, 0xe4, 0xa1, 0x95, 0xff, 0xcd, 0x1f, 0xaf, 0xcd, 0xad, 0x3b, 0x70, 0x69, 0xec, 0x2b, 0x06,
+	0xb9, 0x01, 0xf9, 0x23, 0xe6, 0x77, 0x52, 0x31, 0x63, 0x08, 0x78, 0x48, 0xae, 0x43, 0x8e, 0x3a,
+	0xa7, 0x15, 0xc3, 0x32, 0xbf, 0xfc, 0xaa, 0x7a, 0x65, 0xfc, 0x53, 0x88, 0x73, 0x2a, 0x45, 0x34,
+	0xff, 0x0a, 0x50, 0x38, 0x38, 0xd8, 0xdc, 0x8c, 0x3d, 0xb7, 0xcb, 0xc8, 0xaf, 0x0d, 0x20, 0xe3,
+	0x2f, 0x51, 0xf2, 0x41, 0x76, 0x8e, 0x4f, 0x7e, 0x90, 0x5b, 0x1f, 0x5e, 0x90, 0x4a, 0x4d, 0x1a,
+	0x9f, 0xc2, 0x82, 0x18, 0x8f, 0xc9, 0x3b, 0x33, 0x3e, 0x6b, 0xac, 0xda, 0x74, 0x44, 0xc5, 0xbb,
+	0x0d, 0xcb, 0xe9, 0x88, 0x49, 0xd6, 0x33, 0xaf, 0x37, 0x34, 0x41, 0x5b, 0xef, 0xce, 0x84, 0xab,
+	0x84, 0xfc, 0x1c, 0x96, 0xd4, 0xe4, 0x48, 0x6e, 0x4e, 0xa1, 0x1b, 0xcc, 0xb0, 0xd6, 0xfa, 0x2c,
+	0xa8, 0x03, 0x35, 0xd2, 0x09, 0x31, 0x53, 0x8d, 0x91, 0xf9, 0x33, 0x53, 0x8d, 0xb1, 0x91, 0xb3,
+	0x3d, 0x78, 0x08, 0x66, 0x0a, 0x19, 0x99, 0x37, 0x33, 0x85, 0x8c, 0x8e, 0x9d, 0xe4, 0x29, 0xe4,
+	0x71, 0xec, 0x24, 0x59, 0xe5, 0x57, 0x9b, 0x4b, 0xad, 0xac, 0x98, 0x18, 0x9a, 0x57, 0x7f, 0x86,
+	0x6d, 0x4a, 0xbc, 0xf9, 0xb3, 0x1b, 0x94, 0xf6, 0xa1, 0xce, 0xba, 0x39, 0x03, 0xe6, 0x80, 0xbd,
+	0x7a, 0x2f, 0xd7, 0x66, 0xf8, 0x5a, 0x36, 0x9d, 0xfd, 0xc8, 0x77, 0xb9, 0x10, 0x4a, 0xfa, 0xf4,
+	0x41, 0xea, 0x19, 0xa4, 0x13, 0x06, 0x37, 0xab, 0x31, 0x33, 0xbe, 0x12, 0xf8, 0x05, 0xbe, 0xbd,
+	0x86, 0x27, 0x13, 0xd2, 0xcc, 0x34, 0xc7, 0xc4, 0x19, 0xc8, 0xba, 0x7d, 0x21, 0x1a, 0x25, 0xdc,
+	0x91, 0x93, 0x8f, 0x9a, 0x6e, 0x48, 0x76, 0x23, 0xef, 0x4f, 0x48, 0xd6, 0x8c, 0x78, 0x35, 0xe3,
+	0x7d, 0x03, 0xe3, 0x0c, 0x27, 0xde, 0x4c, 0xde, 0xda, 0x53, 0x20, 0x33, 0xce, 0xf4, 0xd1, 0x79,
+	0xb3, 0xf4, 0xf5, 0xab, 0x6b, 0xc6, 0x3f, 0x5e, 0x5d, 0x33, 0xfe, 0xfd, 0xea, 0x9a, 0x71, 0xbc,
+	0x28, 0xfe, 0xcf, 0xbb, 0xfd, 0xff, 0x00, 0x00, 0x00, 0xff, 0xff, 0x22, 0xd0, 0xf5, 0x61, 0x21,
+	0x1d, 0x00, 0x00,
 }
 
 // Reference imports to suppress errors if they are not otherwise used.
diff --git a/frontend/gateway/pb/gateway.proto b/frontend/gateway/pb/gateway.proto
index d26058357c83..3fa0d00d7341 100644
--- a/frontend/gateway/pb/gateway.proto
+++ b/frontend/gateway/pb/gateway.proto
@@ -82,6 +82,7 @@ message Attestation {
 enum AttestationKind {
 	option (gogoproto.goproto_enum_prefix) = false;
 	InToto = 0 [(gogoproto.enumvalue_customname) = "AttestationKindInToto"];
+	Bundle = 1 [(gogoproto.enumvalue_customname) = "AttestationKindBundle"];
 }
 
 message InTotoSubject {
diff --git a/solver/llbsolver/proc/refs.go b/solver/llbsolver/proc/refs.go
new file mode 100644
index 000000000000..9b6475b77e9b
--- /dev/null
+++ b/solver/llbsolver/proc/refs.go
@@ -0,0 +1,76 @@
+package proc
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+
+	"github.com/containerd/containerd/platforms"
+	"github.com/moby/buildkit/exporter/containerimage/exptypes"
+	"github.com/moby/buildkit/frontend"
+	"github.com/moby/buildkit/solver"
+	"github.com/moby/buildkit/solver/llbsolver"
+	ocispecs "github.com/opencontainers/image-spec/specs-go/v1"
+)
+
+// ForceRefsProcessor is a processor that forces a result made of a single Ref
+// into the Refs map, correctly creating and converting relevant metadata.
+//
+// This is useful for cases where a frontend produces a single-platform image,
+// but we need to add additional Refs to it (e.g. attestations).
+func ForceRefsProcessor(ctx context.Context, result *frontend.Result, s *llbsolver.Solver, j *solver.Job) (*frontend.Result, error) {
+	if len(result.Refs) > 0 {
+		return result, nil
+	}
+	if result.Ref == nil {
+		return nil, errors.New("no refs to operate on")
+	}
+
+	// try to determine platform from image config, fallback to current platform
+	p := platforms.DefaultSpec()
+	if imgConfig, ok := result.Metadata[exptypes.ExporterImageConfigKey]; ok {
+		var img ocispecs.Image
+		err := json.Unmarshal(imgConfig, &img)
+		if err != nil {
+			return nil, err
+		}
+
+		if img.OS != "" && img.Architecture != "" {
+			p = ocispecs.Platform{
+				Architecture: img.Architecture,
+				OS:           img.OS,
+				OSVersion:    img.OSVersion,
+				OSFeatures:   img.OSFeatures,
+				Variant:      img.Variant,
+			}
+		}
+	}
+	p = platforms.Normalize(p)
+	pk := platforms.Format(p)
+
+	result.Refs = map[string]solver.ResultProxy{
+		pk: result.Ref,
+	}
+	result.Ref = nil
+
+	if result.Metadata != nil {
+		for _, key := range exptypes.KnownRefMetadataKeys {
+			if value, ok := result.Metadata[key]; ok {
+				result.Metadata[fmt.Sprintf("%s/%s", key, pk)] = value
+				delete(result.Metadata, key)
+			}
+		}
+	}
+
+	expPlatforms := exptypes.Platforms{
+		Platforms: []exptypes.Platform{{ID: pk, Platform: p}},
+	}
+	dt, err := json.Marshal(expPlatforms)
+	if err != nil {
+		return nil, err
+	}
+	result.AddMeta(exptypes.ExporterPlatformsKey, dt)
+
+	return result, nil
+}
diff --git a/solver/llbsolver/proc/sbom.go b/solver/llbsolver/proc/sbom.go
new file mode 100644
index 000000000000..3b66f7693a24
--- /dev/null
+++ b/solver/llbsolver/proc/sbom.go
@@ -0,0 +1,74 @@
+package proc
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/moby/buildkit/client/llb"
+	"github.com/moby/buildkit/exporter/containerimage/exptypes"
+	"github.com/moby/buildkit/frontend"
+	"github.com/moby/buildkit/frontend/attest"
+	"github.com/moby/buildkit/solver"
+	"github.com/moby/buildkit/solver/llbsolver"
+	"github.com/pkg/errors"
+)
+
+func SBOMProcessor(scannerRef string) llbsolver.Processor {
+	return func(ctx context.Context, res *frontend.Result, s *llbsolver.Solver, j *solver.Job) (*frontend.Result, error) {
+		// skip sbom generation if we already have an sbom
+		if attest.HasSBOM(res) {
+			return res, nil
+		}
+
+		platformsBytes, ok := res.Metadata[exptypes.ExporterPlatformsKey]
+		if !ok {
+			return nil, errors.Errorf("unable to collect multiple refs, missing platforms mapping")
+		}
+
+		var ps exptypes.Platforms
+		if len(platformsBytes) > 0 {
+			if err := json.Unmarshal(platformsBytes, &ps); err != nil {
+				return nil, errors.Wrapf(err, "failed to parse platforms passed to sbom processor")
+			}
+		}
+
+		scanner, err := attest.CreateSBOMScanner(ctx, s.Bridge(j), scannerRef)
+		if err != nil {
+			return nil, err
+		}
+		if scanner == nil {
+			return res, nil
+		}
+
+		for _, p := range ps.Platforms {
+			ref, ok := res.Refs[p.ID]
+			if !ok {
+				return nil, errors.Errorf("could not find ref %s", p.ID)
+			}
+			defop, err := llb.NewDefinitionOp(ref.Definition())
+			if err != nil {
+				return nil, err
+			}
+			st := llb.NewState(defop)
+
+			att, st, err := scanner(ctx, p.ID, st, nil)
+			if err != nil {
+				return nil, err
+			}
+
+			def, err := st.Marshal(ctx)
+			if err != nil {
+				return nil, err
+			}
+
+			r, err := s.Bridge(j).Solve(ctx, frontend.SolveRequest{
+				Definition: def.ToPB(),
+			}, j.SessionID)
+			if err != nil {
+				return nil, err
+			}
+			res.AddAttestation(p.ID, att, r.Ref)
+		}
+		return res, nil
+	}
+}
diff --git a/solver/llbsolver/solver.go b/solver/llbsolver/solver.go
index 5a87fc88e0e4..ed833afc15ff 100644
--- a/solver/llbsolver/solver.go
+++ b/solver/llbsolver/solver.go
@@ -64,6 +64,10 @@ type Solver struct {
 	entitlements              []string
 }
 
+// Processor defines a processing function to be applied after solving, but
+// before exporting
+type Processor func(ctx context.Context, result *frontend.Result, s *Solver, j *solver.Job) (*frontend.Result, error)
+
 func New(opt Opt) (*Solver, error) {
 	s := &Solver{
 		workerController:          opt.WorkerController,
@@ -105,7 +109,7 @@ func (s *Solver) Bridge(b solver.Builder) frontend.FrontendLLBBridge {
 	}
 }
 
-func (s *Solver) Solve(ctx context.Context, id string, sessionID string, req frontend.SolveRequest, exp ExporterRequest, ent []entitlements.Entitlement) (*client.SolveResponse, error) {
+func (s *Solver) Solve(ctx context.Context, id string, sessionID string, req frontend.SolveRequest, exp ExporterRequest, ent []entitlements.Entitlement, post []Processor) (*client.SolveResponse, error) {
 	j, err := s.solver.NewJob(id)
 	if err != nil {
 		return nil, err
@@ -147,6 +151,14 @@ func (s *Solver) Solve(ctx context.Context, id string, sessionID string, req fro
 		}
 	}
 
+	for _, post := range post {
+		res2, err := post(ctx, res, s, j)
+		if err != nil {
+			return nil, err
+		}
+		res = res2
+	}
+
 	if res == nil {
 		res = &frontend.Result{}
 	}
diff --git a/solver/result/result.go b/solver/result/result.go
index 8401ffbc5914..a857128b56d9 100644
--- a/solver/result/result.go
+++ b/solver/result/result.go
@@ -41,6 +41,9 @@ func (r *Result[T]) AddRef(k string, ref T) {
 
 func (r *Result[T]) AddAttestation(k string, v Attestation, ref T) {
 	r.mu.Lock()
+	if r.Refs == nil {
+		r.Refs = map[string]T{}
+	}
 	if r.Attestations == nil {
 		r.Attestations = map[string][]Attestation{}
 	}