Secure SBOM Action
Version updated for https://github.com/shiftleftcyber/secure-sbom-action to version v2.2.1.
- This action is used across all versions by 3 repositories.
Action Type
This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
The Secure SBOM GitHub Action automates the signing and verification of Software Bills of Materials (SBOMs) and cryptographic digests using the SecureSBOM API. It ensures the integrity and authenticity of SBOMs in CI/CD workflows, enabling organizations to cryptographically attest to their validity. The action supports signing SBOMs, verifying signed SBOMs, and signing digests, with compatibility for CycloneDX SBOMs and multiple API versions.
Release notes
What’s Changed
- fix: add digest hash var by @VinnyBarton in https://github.com/shiftleftcyber/secure-sbom-action/pull/13
Full Changelog: https://github.com/shiftleftcyber/secure-sbom-action/compare/v2.2.0...v2.2.1