Commit fc87a95 1 parent 2693255 commit fc87a95 Copy full SHA for fc87a95
File tree 1 file changed +16
-3
lines changed
1 file changed +16
-3
lines changed Original file line number Diff line number Diff line change 1111 pull_request :
1212
1313jobs :
14- # Generate SBOM using cdxgen, but with NPMJS package, not Docker container
15- sbom-gen :
14+ # Generate SBOM using syft
15+ sbom-gen-syft :
16+ runs-on : ubuntu-22.04
17+ steps :
18+ - uses : actions/checkout@v4
19+ - run : mkdir -p ~/.local/bin
20+ - name : Install syft
21+ run : curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b ~/.local/bin
22+ - name : Install compliance-assistant
23+ uses : ./.github/actions/poetrybuild
24+ - name : Generate SBOM with syft
25+ run : poetry run compliance-assistant sbom generate -v -g syft -d . -o ${{ runner.temp }}/sbom-raw.json
26+
27+ # Generate SBOM using cdxgen (npm package)
28+ sbom-gen-cdxgen :
1629 runs-on : ubuntu-22.04
1730 steps :
1831 - uses : actions/checkout@v4
2942 # Enrich the generated SBOM
3043 sbom-enrich :
3144 runs-on : ubuntu-22.04
32- needs : sbom-gen
45+ needs : sbom-gen-cdxgen
3346 steps :
3447 - uses : actions/checkout@v4
3548 - uses : ./.github/actions/poetrybuild
You can’t perform that action at this time.
0 commit comments