Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add SBOM to releases #500

Merged
merged 8 commits into from
Sep 25, 2021
Merged

Add SBOM to releases #500

merged 8 commits into from
Sep 25, 2021

Conversation

kzantow
Copy link
Contributor

@kzantow kzantow commented Sep 10, 2021

This will automatically create an SBOM (using the sbom-action version of Syft) during the release phase and add it as a release artifact with the name sbom.spdx.json. See: anchore/sbom-action#70 for more information.

Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
@kzantow kzantow changed the title [WiP] Add release SBOM generation Add release SBOM generation Sep 24, 2021
@kzantow kzantow changed the title Add release SBOM generation Add SBOM to releases Sep 24, 2021
@kzantow kzantow requested a review from a team September 24, 2021 16:28
Signed-off-by: Keith Zantow <kzantow@gmail.com>
@kzantow kzantow merged commit e5caba0 into anchore:main Sep 25, 2021
@kzantow kzantow deleted the add-sbom-action branch September 25, 2021 00:21
spiffcs added a commit that referenced this pull request Sep 30, 2021
* main:
  Add vendor + product known good CPE field values (#517)
  Add SBOM to releases (#500)
  Add announcement for KubeCon meetup (#515)
  Prevent invalid CPE field values (#514)
  Filter out CPE product candidates that are asterisks (#513)
  Use Anchore fork of packageurl lib without replace directive (#512)
  update log file permissions to 0644 (#511)

Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants