Anchore SBOM Action
https://github.com/anchore/sbom-action has been updated to version v0.22.0.
- This publisher is shown as ‘verified’ by GitHub.
- This action is used across all versions by 3,921 repositories.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
This GitHub Action automates the creation of a Software Bill of Materials (SBOM) using Syft, enabling users to scan container images, directories, or files to generate SBOMs in SPDX format. It simplifies documenting software components and dependencies, and it can upload SBOMs as workflow artifacts or GitHub release assets, which addresses compliance, security, and transparency needs in software development. Key features include support for direct registry authentication, artifact naming customization, and compatibility with matrix builds.
Release notes
Changes in v0.22.0
⬆️ Dependencies
- chore(deps-dev): bump the dev-dependencies group with 19 updates (#566) [@dependabot]
- chore(deps): bump npm-check-updates from 17.1.3 to 19.3.1 (#567) [@dependabot]
- chore(deps): update Syft to v1.40.1 (#563) [@anchore-actions-token-generator[bot]]