Anchore SBOM Action
The action at https://github.com/anchore/sbom-action has been updated to version v0.21.0.
- This publisher is shown as ‘verified’ by GitHub.
- This action is used across all versions by 3,648 repositories.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
This GitHub Action automates the generation of a software bill of materials (SBOM) using Syft, simplifying the process of analyzing software components and dependencies. It can scan container images, directories, or files, and produces SBOMs in SPDX format, which can be uploaded as workflow artifacts or GitHub release assets. This action helps developers ensure transparency and security in software supply chains while streamlining SBOM creation and management.
Release notes
- chore(deps): update Syft to v1.39.0 (#561)
- chore(deps): bump @octokit/request-error, @octokit/core and @octokit/webhooks (#560)
- chore(deps): bump peter-evans/create-pull-request from 7.0.11 to 8.0.0 (#558)