Anchore SBOM Action

January 27, 2026

Version updated for https://github.com/anchore/sbom-action to version v0.22.1.

This publisher is shown as ‘verified’ by GitHub.
This action is used across all versions by 3,971 repositories.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action automates the generation of a Software Bill of Materials (SBOM) using Syft, supporting scans of container images, directories, or files. It simplifies SBOM creation, artifact uploads, and publication as GitHub release assets, tackling challenges in software supply chain transparency and compliance. Key capabilities include flexible scanning options, artifact naming, and integration with GitHub releases.

Release notes

v0.22.1

⬆️ Dependencies

chore(deps): update Syft to v1.41.0 (#576) [@anchore-actions-token-generator[bot]]
chore(deps): bump lodash from 4.17.21 to 4.17.23 (#573) [@dependabot[bot]]

anchore
GitHub Actions