File tree 1 file changed +38
-0
lines changed
1 file changed +38
-0
lines changed Original file line number Diff line number Diff line change 1+ # This workflow uses actions that are not certified by GitHub.
2+ # They are provided by a third-party and are governed by
3+ # separate terms of service, privacy policy, and support
4+ # documentation.
5+
6+ # This workflow checks out code, builds an image, performs a container image
7+ # scan with Anchore's Syft tool, and uploads the results to the GitHub Dependency
8+ # submission API.
9+
10+ # For more information on the Anchore sbom-action usage
11+ # and parameters, see https://github.com/anchore/sbom-action. For more
12+ # information about the Anchore SBOM tool, Syft, see
13+ # https://github.com/anchore/syft
14+ name : Anchore Syft SBOM scan
15+
16+ on :
17+ push :
18+ branches : [ "main" ]
19+
20+ permissions :
21+ contents : write
22+
23+ jobs :
24+ Anchore-Build-Scan :
25+ permissions :
26+ contents : write # required to upload to the Dependency submission API
27+ runs-on : ubuntu-latest
28+ steps :
29+ - name : Checkout the code
30+ uses : actions/checkout@v3
31+ - name : Build the Docker image
32+ run : docker build . --file Dockerfile --tag localbuild/testimage:latest
33+ - name : Scan the image and upload dependency results
34+ uses : anchore/sbom-action@bb716408e75840bbb01e839347cd213767269d4a
35+ with :
36+ image : " localbuild/testimage:latest"
37+ artifact-name : image.spdx.json
38+ dependency-snapshot : true
You can’t perform that action at this time.
0 commit comments