v1.0.6 — Scanned Branch in Dashboard Uploads

lab700xdev released this 04 Jun 20:32
18fb2c9

What's new

Scanned branch in dashboard uploads — When the GitHub Action posts an SBOM to a connected dashboard, it now includes the branch or tag that was actually scanned (X-Aisbom-Ref, sourced from GITHUB_REF_NAME). The dashboard can attribute each scan to the correct ref instead of falling back to a placeholder.

  • Honest fallback: the header is sent only when the ref is known. For local runs or older Action versions where it's unset, the header is omitted entirely — the receiver shows an honest "—" rather than a guessed branch.
  • Opt-in only: this affects the platform upload path that already requires an explicit token. Default CLI-only scanning is unchanged.
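
The omit-when-unknown rule from both ends of the upload, as an added sketch that is not the project's own code. The function names, the Bearer auth scheme and the allow-list for ref characters are assumptions; only the header name, GITHUB_REF_NAME and the placeholder come from the notes above.

```python
import re

REF_HEADER = "X-Aisbom-Ref"   # header name from the release notes
PLACEHOLDER = "\u2014"        # the dash the receiver shows when no ref was sent

# Assumption: a conservative allow-list for branch/tag names, not the project's rule.
# It excludes CR/LF and spaces, so a crafted value cannot smuggle extra headers
# or forge lines in dashboard logs.
_SAFE_REF = re.compile(r"[A-Za-z0-9._/+@-]{1,255}")


def build_upload_headers(env, token):
    """Sender side: attach the ref only when GITHUB_REF_NAME is set and well formed."""
    headers = {"Authorization": f"Bearer {token}"}  # assumed auth scheme
    ref = (env.get("GITHUB_REF_NAME") or "").strip()
    if ref and _SAFE_REF.fullmatch(ref):
        headers[REF_HEADER] = ref
    # Otherwise the header is omitted entirely rather than filled with a guess.
    return headers


def attributed_ref(request_headers):
    """Receiver side: the header is untrusted input; absent or malformed -> placeholder."""
    lowered = {k.lower(): v for k, v in request_headers.items()}
    ref = lowered.get(REF_HEADER.lower(), "")
    return ref if _SAFE_REF.fullmatch(ref) else PLACEHOLDER


if __name__ == "__main__":
    # Constructed sample environments: a CI run, a local run, a tampered value.
    samples = [
        {"GITHUB_REF_NAME": "release/v1.0.6"},
        {},
        {"GITHUB_REF_NAME": "main\r\nX-Injected: 1"},
    ]
    for env in samples:
        sent = build_upload_headers(env, token="example-token")
        print(sorted(sent), "->", attributed_ref(sent))
```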

What's not changing

All scanner rules, exit codes, command signatures, and SBOM output schemas are byte-for-byte identical to v1.0.5. The new header is purely additive and only appears on the already opt-in dashboard upload.