sbom-action

GitHub Action for creating software bill of materials using Syft.

Results 34 sbom-action issues

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.4 to 4.1.5. Release notes Sourced from actions/checkout's releases. v4.1.5 What's Changed Update NPM dependencies by @cory-miller in actions/checkout#1703 Bump github/codeql-action from 2 to 3 by @dependabot...

dependencies
patch

This PR updates the `@actions/artifact` library to the most recent version, which includes some usage updates. See test runs here: * https://github.com/kzantow-anchore/sbom-action-test/actions/runs/8943293414/job/24567681706#step:4:17 * Artifacts attached: https://github.com/kzantow-anchore/sbom-action-test/actions/runs/8943293414 * Snapshot successful: https://github.com/kzantow-anchore/sbom-action-test/actions/runs/8943293414/job/24567681706#step:4:979...

Hello. Due to the usage of `@actions/artifact@v2` under the hood of `actions/download-artifact@v4`, the current version of `anchore/sbom-action` is not compatible with `actions/download-artifact@v4`. It will be great to migrate to [`@actions/artifact@v2`...

I build a docker container using the `docker/[email protected]` and `docker/[email protected]` actions. But do not push the container to Artifactory at this point. The image is built and loaded into docker...

needs-reproduction

Following up on our discussion from last week, this is the PoC to generate SLSA provenance. We're working on verification support in the next couple weeks, but it should not block...

It worked well till 5th March. But on 6th March, job failed. I never changed my source code during these 2 days. I think it was because of this PR: https://github.com/anchore/sbom-action/pull/446...

There is currently no support in Syft for this but it can be accomplished by executing multiple times. This is less than ideal, as scans have the potential to be...

enhancement

When a maven package is moved to a different group, the new group is reported instead of the used one (even though the old still exists). See this [repro...

bug

I've got an action defined:

```yaml
- name: Create SBOMs
  uses: anchore/sbom-action@v0
  with:
    file: ./server/jetty-app/build/distributions/server-jetty-0.20.0.tar
    upload-release-assets: false
```

Unfortunately, it looks like it's running with `path` instead of `file`. ```...

bug

I've been exploring using the `anchore/sbom-action` but have a scenario that would require exposing this input. When using the action with a GitHub matrix to generate SBOMs for multiple images...

enhancement