Mix SBoM

Version updated for https://github.com/erlef/mix_sbom to version v0.10.0.

• This publisher is shown as ‘verified’ by GitHub.

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action generates a Software Bill of Materials (SBoM) for Elixir Mix projects in the CycloneDX format. It automates the process of identifying and documenting project dependencies, providing a standardized and detailed inventory that enhances software supply chain security and compliance. Key capabilities include support for multiple output formats (JSON, XML, Protobuf), schema versioning, and environment-specific dependency filtering.

What’s Changed

What’s Changed

• Fix Component Descriptions by @maennchen in https://github.com/erlef/mix_sbom/pull/85
• Smoke Test CycloneDX 1.7 by @maennchen in https://github.com/erlef/mix_sbom/pull/90
• Add component.group field to CycloneDX SBOMs by @maennchen in https://github.com/erlef/mix_sbom/pull/91
• Use ORT to generate SBoM instead of REUSE by @maennchen in https://github.com/erlef/mix_sbom/pull/75

Dependency Updates

• Bump mlugg/setup-zig from 2.2.0 to 2.2.1 in the github-actions group by @dependabot[bot] in https://github.com/erlef/mix_sbom/pull/80
• Bump the github-actions group with 3 updates by @dependabot[bot] in https://github.com/erlef/mix_sbom/pull/81
• Bump the github-actions group with 2 updates by @dependabot[bot] in https://github.com/erlef/mix_sbom/pull/83
• Bump optimus by @savonarola in https://github.com/erlef/mix_sbom/pull/84
• Bump the github-actions group with 2 updates by @dependabot[bot] in https://github.com/erlef/mix_sbom/pull/87
• Bump github/codeql-action from 4.32.2 to 4.32.3 in the github-actions group by @dependabot[bot] in https://github.com/erlef/mix_sbom/pull/88
• Bump the mix-dependencies group with 4 updates by @dependabot[bot] in https://github.com/erlef/mix_sbom/pull/86
• Update DevEnv Setup by @maennchen in https://github.com/erlef/mix_sbom/pull/89
• Bump the github-actions group with 2 updates by @dependabot[bot] in https://github.com/erlef/mix_sbom/pull/92
• Bump the github-actions group with 6 updates by @dependabot[bot] in https://github.com/erlef/mix_sbom/pull/94
• Bump the mix-dependencies group with 2 updates by @dependabot[bot] in https://github.com/erlef/mix_sbom/pull/93
• Bump the github-actions group with 3 updates by @dependabot[bot] in https://github.com/erlef/mix_sbom/pull/96
• Bump the mix-dependencies group with 3 updates by @dependabot[bot] in https://github.com/erlef/mix_sbom/pull/95
• Bump the github-actions group with 3 updates by @dependabot[bot] in https://github.com/erlef/mix_sbom/pull/98
• Bump the github-actions group with 2 updates by @dependabot[bot] in https://github.com/erlef/mix_sbom/pull/99
• Bump the github-actions group across 1 directory with 2 updates by @dependabot[bot] in https://github.com/erlef/mix_sbom/pull/101
• Bump hex_core from 0.13.0 to 0.15.0 in the mix-dependencies group across 1 directory by @dependabot[bot] in https://github.com/erlef/mix_sbom/pull/97

New Contributors

• @savonarola made their first contribution in https://github.com/erlef/mix_sbom/pull/84

Full Changelog: https://github.com/erlef/mix_sbom/compare/v0.9.1...v0.10.0

• erlef
• GitHub Actions