Automatic SBOM #75
varunsh-coder
started this conversation in
Ideas
Automatic SBOM
#75
Replies: 2 comments 1 reply
-
|
@varunsh-coder I like this idea very much! |
Beta Was this translation helpful? Give feedback.
1 reply
-
Thanks @dirien! Happy to see your comment! To clarify, did you want to upload the SBOM that is already generated (e.g. using |
Beta Was this translation helpful? Give feedback.
-
|
Now tracking my findings here: jauderho/dockerfiles#149 |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
In the future
harden-runnercan upload SBOM generated during the workflow run to a central place. You can then access your security insights and SBOMs at the same place.harden-runnermonitors the GitHub-hosted runner and as a result could also generate an accurate SBOM automatically. You don't have to think about it or add steps for it.Please discuss SBOM related stuff here.
@jauderho has created a sample workflow for key-less signing and SBOM generation here:
https://github.com/jauderho/dockerfiles/blob/main/.github/workflows/age.yml
https://github.com/jauderho/dockerfiles/actions/runs/1755633128
Beta Was this translation helpful? Give feedback.
All reactions