Secure SBOM Action
Version updated for https://github.com/shiftleftcyber/secure-sbom-action to version v2.2.0.
- This action is used across all versions by 3 repositories.
Action Type
This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
The Secure SBOM GitHub Action facilitates the signing and verification of Software Bills of Materials (SBOMs) and cryptographic digests using the SecureSBOM API. It automates the process of ensuring the integrity and authenticity of SBOMs within CI/CD pipelines, helping organizations establish trust and compliance in software supply chain management. Key capabilities include signing SBOMs with managed keys, verifying signed SBOMs, and signing SHA256 digests for environments where transferring full SBOMs is impractical.
Release notes
What’s Changed
- chore: update workflow by @VinnyBarton in https://github.com/shiftleftcyber/secure-sbom-action/pull/12
Full Changelog: https://github.com/shiftleftcyber/secure-sbom-action/compare/v2.1.0...v2.2.0