Automatic SBOM #75
varunsh-coder started this conversation in Ideas
Replies: 2 comments 1 reply
-
@varunsh-coder I like this idea very much!
-
Now tracking my findings here: jauderho/dockerfiles#149
-
In the future harden-runner can upload SBOM generated during the workflow run to a central place. You can then access your security insights and SBOMs at the same place.

harden-runner monitors the GitHub-hosted runner and as a result could also generate an accurate SBOM automatically. You don't have to think about it or add steps for it.

Please discuss SBOM-related stuff here.

@jauderho has created a sample workflow for key-less signing and SBOM generation here:
https://github.com/jauderho/dockerfiles/blob/main/.github/workflows/age.yml
https://github.com/jauderho/dockerfiles/actions/runs/1755633128