Anchore SBOM Action

January 8, 2026

Version updated for https://github.com/anchore/sbom-action to version v0.21.1.

This publisher is shown as ‘verified’ by GitHub.
This action is used across all versions by 3,778 repositories.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The GitHub Action for SBOM Generation automates the creation of Software Bill of Materials (SBOMs) using Syft, enabling users to scan container images, directories, or specific files within their repositories. It generates SBOMs in SPDX format, uploads them as artifacts, and integrates with GitHub releases to attach SBOMs as release assets. This action simplifies dependency tracking, enhances software supply chain transparency, and supports compliance with software composition analysis requirements.

Release notes

Changes in v0.21.1

chore(deps): update Syft to v1.40.0 (#562) [[anchore-actions-token-generator[bot]](https://github.com/anchore-actions-token-generator[bot])]

anchore
GitHub Actions