Example goreleaser + github actions config with keyless signing and SBOM generation
Updated Jun 5, 2024 - Go
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
First part of a small tool series. The task of the tool series is to scan a project for its dependencies, convert them to a usable format, fetch metadata for these packages and generate an ots/foss document. This tool converts any SBOM output to an output format defined by me.
A demonstration of how GoReleaser can help us make the software supply chain more secure by using a bunch of tools such as cosign, syft, grype, slsa-provenance