This GitHub Action creates a valid Software Bill of Materials (SBOM) that aggregates all project dependencies and uploads it to OWASP Dependency-Track.
- Dependency-Track url - required
- Dependency-Track api-key - required
- Project Name - required
- Project Version - required
The default token output confirms that the SBOM has been successfully uploaded to Dependency-Track.
```yaml
uses: CryptosoftInc/Aggregate-Sbom-Javascript@1.0.0
```
- Navigate to your GitHub project directory.
- Create a new file named `.github/workflows/file-name.yaml`.
- Copy the provided code snippet below and paste it into the newly created YAML file.
```yaml
name: Your-Workflow-Name
on: push
jobs:
  myJob:
    runs-on: ubuntu-latest
    steps:
      - name: Cryptosoft-SBOM-Dependency-Track
        id: Cryptosoft-SBOM-Dependency-Track
        uses: CryptosoftInc/Aggregate-Sbom-Javascript@1.0.0
        with:
          dt-url: <your dt url>
          # Store the Dependency-Track API key in your GitHub secrets.
          api-key: ${{ secrets.apiKey }}
          project-name: <your project name>
          project-version: <your project version>
```
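A hardened variant of the same workflow, added here as an example and not taken from the action's own documentation: it limits the job's `GITHUB_TOKEN` to read-only repository access and pins the third-party action to a commit instead of a tag that can be moved. `<full-commit-sha-for-1.0.0>` is a placeholder (this page gives no commit hash), and the `contents: read` scope is an assumption that the action needs nothing beyond reading the repository.

```yaml
name: Your-Workflow-Name
on: push

# Assumption: the action only needs to read the repository.
# Anything not listed here is denied to GITHUB_TOKEN.
permissions:
  contents: read

jobs:
  myJob:
    runs-on: ubuntu-latest
    steps:
      - name: Cryptosoft-SBOM-Dependency-Track
        id: Cryptosoft-SBOM-Dependency-Track
        # Placeholder: replace with the full commit SHA behind the 1.0.0 tag.
        # A SHA cannot be repointed the way a tag can.
        uses: CryptosoftInc/Aggregate-Sbom-Javascript@<full-commit-sha-for-1.0.0> # 1.0.0
        with:
          dt-url: <your dt url>
          # The API key is read from repository secrets, never written inline.
          api-key: ${{ secrets.apiKey }}
          project-name: <your project name>
          project-version: <your project version>
```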
Suggestions are welcome!