Secure SBOM Action
https://github.com/shiftleftcyber/secure-sbom-action has been updated to version v2.4.0.
- This action is used across all versions by 3 repositories.
Action Type
This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
The Secure SBOM GitHub Action automates the signing and verification of Software Bill of Materials (SBOMs) and cryptographic digests, ensuring their integrity during CI/CD pipelines. It leverages the SecureSBOM API to provide cryptographic attestation of SBOMs, supports CycloneDX SBOM formats, and maintains compatibility with both legacy and modern API versions. This action is designed to enhance software supply chain security by streamlining the management of trusted SBOMs.
What’s Changed
- feat: update digest signing process by @VinnyBarton in https://github.com/shiftleftcyber/secure-sbom-action/pull/16
Full Changelog: https://github.com/shiftleftcyber/secure-sbom-action/compare/v2.3.0...v2.4.0