GitHub action that uses the vcn tool from CodeNotary.com to untrust the bill of materials (BoM) for Python projects. It supports Pipenv, Poetry and pip projects: it accepts Pipfile.lock, poetry.lock or requirements.txt files (or directories containing such files) as input.
Have a look at the provided example workflow.
💡 The underlying vcn Docker image can also be run directly (an example is also provided in the same example workflow). This way one can specify any vcn 💥 flag, not just the ones exposed by the GitHub action.
👉 This link lists all the other GitHub actions that are available from CodeNotary.