Version updated for https://github.com/anchore/sbom-action to version v0.22.1. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 3,971 repositories. Go to the GitHub Marketplace to find the latest changes. Action Summary This GitHub Action automates the generation of a Software Bill of Materials (SBOM) using Syft, supporting scans of container images, directories, or files. It simplifies SBOM creation, artifact uploads, and publication as GitHub release assets, tackling challenges in software supply chain transparency and compliance.

Version updated for https://github.com/anchore/scan-action to version v7.3.1. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 8,627 repositories. Go to the GitHub Marketplace to find the latest changes. Action Summary The GitHub Action for Vulnerability Scanning integrates the Grype scanner to detect vulnerabilities in files, directories, container images, or SBOM files during CI/CD workflows. It automates vulnerability scanning, enabling users to enforce security checks by failing builds based on configurable severity thresholds, all while operating locally without requiring external credentials.

Version updated for https://github.com/anchore/sbom-action to version v0.22.0. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 3,921 repositories. Go to the GitHub Marketplace to find the latest changes. Action Summary This GitHub Action automates the creation of a Software Bill of Materials (SBOM) using Syft, enabling users to scan container images, directories, or files to generate SBOMs in SPDX format. It simplifies the process of documenting software components and dependencies, and can upload SBOMs as workflow artifacts or GitHub release assets, addressing compliance, security, and transparency needs in software development.

Version updated for https://github.com/anchore/scan-action to version v7.3.0. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 8,600 repositories. Go to the GitHub Marketplace to find the latest changes. Action Summary This GitHub Action leverages the Grype vulnerability scanner to detect security vulnerabilities in container images, file directories, or software bill of materials (SBOMs). It automates the process of scanning software components during CI/CD workflows, enabling developers to identify vulnerabilities before deployment or merging code.

Version updated for https://github.com/anchore/sbom-action to version v0.21.1. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 3,778 repositories. Go to the GitHub Marketplace to find the latest changes. Action Summary The GitHub Action for SBOM Generation automates the creation of Software Bill of Materials (SBOMs) using Syft, enabling users to scan container images, directories, or specific files within their repositories. It generates SBOMs in SPDX format, uploads them as artifacts, and integrates with GitHub releases to attach SBOMs as release assets.

Version updated for https://github.com/anchore/scan-action to version v7.2.3. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 8,554 repositories. Go to the GitHub Marketplace to find the latest changes. Action Summary This GitHub Action leverages the Grype vulnerability scanner to detect security vulnerabilities in files, directories, container images, or SBOMs during CI/CD workflows. It automates vulnerability scanning to ensure software integrity before deployment, with options to fail builds based on configurable severity thresholds.

Version updated for https://github.com/anchore/sbom-action to version v0.21.0. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 3,648 repositories. Go to the GitHub Marketplace to find the latest changes. Action Summary This GitHub Action automates the generation of a software bill of materials (SBOM) using Syft, simplifying the process of analyzing software components and dependencies. It can scan container images, directories, or files, and produces SBOMs in SPDX format, which can be uploaded as workflow artifacts or GitHub release assets.

Version updated for https://github.com/anchore/sbom-action to version v0.20.11. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 3,536 repositories. Go to the GitHub Marketplace to find the latest changes. Release notes Changes in v0.20.11 update Syft to v1.38.2 (https://github.com/anchore/sbom-action/pull/557) bump @octokit/plugin-paginate-rest, @actions/artifact and @actions/github (#550) [[dependabot[bot]](https://github.com/dependabot[bot])] bump js-yaml (#552) [[dependabot[bot]](https://github.com/dependabot[bot])]

Version updated for https://github.com/anchore/scan-action to version v7.2.2. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 8,444 repositories. Go to the GitHub Marketplace to find the latest changes. Release notes New in scan-action v7.2.2 update Grype to v0.104.2 (#557) [[anchore-actions-token-generator[bot]](https://github.com/anchore-actions-token-generator[bot])] bump glob from 10.4.5 to 10.5.0 (#546) [[dependabot[bot]](https://github.com/dependabot[bot])]

Version updated for https://github.com/anchore/scan-action to version v7.2.1. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 8,383 repositories. Go to the GitHub Marketplace to find the latest changes. Release notes New in scan-action v7.2.1 updated Grype to v0.104.1 (#550) [[anchore-actions-token-generator[bot]](https://github.com/anchore-actions-token-generator[bot])] bump js-yaml from 3.14.1 to 3.14.2 (#544) [[dependabot[bot]](https://github.com/dependabot[bot])]

Version updated for https://github.com/anchore/sbom-action to version v0.20.10. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 3,352 repositories. Go to the GitHub Marketplace to find the latest changes. Release notes Changes in v0.20.10 chore(deps): update Syft to v1.38.0 (#548) [[anchore-actions-token-generator[bot]](https://github.com/anchore-actions-token-generator[bot])]

Version updated for https://github.com/anchore/scan-action to version v7.2.0. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 8,348 repositories. Go to the GitHub Marketplace to find the latest changes. Release notes New in scan-action v7.2.0 chore(deps): update Grype to v0.104.0 (#541) [[anchore-actions-token-generator[bot]](https://github.com/anchore-actions-token-generator[bot])] chore(deps-dev): bump tar from 7.5.1 to 7.5.2 (#538) [[dependabot[bot]](https://github.com/dependabot[bot])] chore(deps-dev): bump eslint from 9.38.0 to 9.39.0 (#539) [[dependabot[bot]](https://github.com/dependabot[bot])]

Version updated for https://github.com/anchore/scan-action to version v6.5.0. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 7,907 repositories. Go to the GitHub Marketplace to find the latest changes. Release notes New in scan-action v6.5.0 Update Grype to v0.96.1 (#493) [[anchore-actions-token-generator[bot]](https://github.com/anchore-actions-token-generator[bot])] fix: output stderr for nonzero exit code (#491) [kzantow]

Version updated for https://github.com/anchore/sbom-action to version v0.20.4. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 2,519 repositories. Go to the GitHub Marketplace to find the latest changes. Release notes Changes in v0.20.4 chore: update Syft to v1.29.0 (#529)

Version updated for https://github.com/anchore/sbom-action to version v0.20.2. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 2,423 repositories. Go to the GitHub Marketplace to find the latest changes. Release notes Changes in v0.20.2 Update Syft to v1.28.0 (#526)

Version updated for https://github.com/anchore/scan-action to version v6.4.0. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 7,823 repositories. Go to the GitHub Marketplace to find the latest changes. Release notes New in scan-action v6.4.0 Update Grype to v0.95.0 (#486) chore(deps-dev): bump eslint from 9.30.0 to 9.30.1 (#485) chore(deps-dev): bump lint-staged from 16.1.0 to 16.1.2 (#476) chore(deps-dev): bump jest from 30.0.0 to 30.0.3 (#481) chore(deps-dev): bump prettier from 3.

Version updated for https://github.com/anchore/sbom-action to version v0.20.1. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 2,342 repositories. Go to the GitHub Marketplace to find the latest changes. Release notes Changes in v0.20.1 Update Syft to v1.27.1 (#525)

Version updated for https://github.com/anchore/scan-action to version v6.3.0. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 7,769 repositories. Go to the GitHub Marketplace to find the latest changes. Release notes New in scan-action v6.3.0 Update Grype to v0.94.0 (#470)

Version updated for https://github.com/anchore/sbom-action to version v0.20.0. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 2,180 repositories. Go to the GitHub Marketplace to find the latest changes. Release notes Changes in v0.20.0 chore(deps): update Syft to v1.24.0 (#522)

Version updated for https://github.com/anchore/scan-action to version v6.2.0. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 7,506 repositories. Go to the GitHub Marketplace to find the latest changes. Release notes New in scan-action v6.2.0 feat: update Scan action to use grype db v6 (#462) [spiffcs]

Version updated for https://github.com/anchore/sbom-action to version v0.19.0. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 2,051 repositories. Go to the GitHub Marketplace to find the latest changes. Release notes Changes in v0.19.0 chore(deps): update Syft to v1.23.0 (#521) chore(deps): bump peter-evans/create-pull-request from 7.0.6 to 7.0.8 (#519) chore(deps): bump cross-spawn (#514)