mcombuechen / sbom-distribution-examples Public

Notifications You must be signed in to change notification settings
Fork 0
Star 1

Just a sample project to play around with

GPL-3.0 license

1 star 0 forks Branches Tags Activity

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 40 Commits
.github		.github
fixtures		fixtures
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
TODO.md		TODO.md

Repository files navigation

SBOM Distribution Examples

A test repository to play around with SBOM ditribution.

Features of GitHub Action

Run on every GitHub release
generate SBOM for many ecosystems (npm, pypi, maven, ...)
generate SBOM with many generators (snyk, syft, cdxgen, ...)
generate SBOM in many formats (SPDX, CycloneDX)
Post documents to Release Artifacts

TODOs

get hold of contextual information about release (ID, version, ...)
move logic into action directory
post SHA256 of SBOM as artifact

About

Just a sample project to play around with

GPL-3.0 license

Report repository

Releases 18

Packages

No packages published

Contributors 3

Languages

Go 100.0%