Version updated for https://github.com/sbomify/sbomify-action to version v26.1.0. This action is used across all versions by 25 repositories. Action Type This is a Docker action. Go to the GitHub Marketplace to find the latest changes. Action Summary The sbomify-action GitHub Action automates the generation, enrichment, and management of Software Bill of Materials (SBOMs) in CI/CD pipelines. It supports multiple ecosystems and formats (CycloneDX, SPDX), integrates package metadata from various sources, and enables cryptographic signing, attestation, and compliance tracking.

Version updated for https://github.com/sbomify/sbomify-action to version v0.14. This action is used across all versions by 24 repositories. Action Type This is a Docker action. Go to the GitHub Marketplace to find the latest changes. Action Summary The sbomify-action GitHub Action is designed to generate, enrich, and manage Software Bill of Materials (SBOMs) within CI/CD pipelines. It automates the creation of SBOMs from various sources such as lockfiles or Docker images, enriches them with metadata from package registries, and supports cryptographic signing and attestation to ensure a secure chain of trust.

Version updated for https://github.com/sbomify/github-action to version v0.12. This action is used across all versions by 24 repositories. Go to the GitHub Marketplace to find the latest changes. Action Summary The sbomify GitHub Action automates the generation, augmentation, and management of Software Bill of Materials (SBOMs) directly within CI/CD pipelines. It supports creating SBOMs in CycloneDX or SPDX formats from source code dependencies, Docker images, and other artifacts, while enriching them with metadata for enhanced traceability, compliance, and security.

Version updated for https://github.com/sbomify/github-action to version v0.11. This action is used across all versions by 24 repositories. Go to the GitHub Marketplace to find the latest changes. Action Summary The “sbomify GitHub Action” automates the generation, enrichment, and management of Software Bill of Materials (SBOMs) within CI/CD pipelines. It supports multiple SBOM formats (CycloneDX and SPDX), integrates metadata from various sources, and enables cryptographic signing and attestation for secure software supply chain management.

Version updated for https://github.com/sbomify/github-action to version v0.10. This action is used across all versions by 24 repositories. Go to the GitHub Marketplace to find the latest changes. Action Summary The sbomify GitHub Action automates the generation, enrichment, and management of Software Bill of Materials (SBOMs) within CI/CD pipelines. It supports creating SBOMs from various sources such as dependency lockfiles and Docker images, while allowing augmentation with business and package metadata for enhanced traceability and compliance.

Version updated for https://github.com/sbomify/github-action to version v0.9. This action is used across all versions by 23 repositories. Go to the GitHub Marketplace to find the latest changes. Release notes Changelog v0.9 New Features Plugin architecture for SBOM generation - Modular generator system with priority-based selection and automatic fallback (cyclonedx-py → Trivy → Syft) Ubuntu APT repository enrichment - Native metadata source for pkg:deb/ubuntu/* packages (LTS 18.04-24.04 + 24.10) Built-in schema validation - JSON Schema validation for generated SBOMs Bug Fixes Fixed NTIA compliance issues for supplier and version fields Improved author extraction from PyPI author_email field Added version inheritance for lockfile components Documentation Added ADR-0001: Plugin Architecture for Extensibility

Version updated for https://github.com/sbomify/github-action to version v0.8.0. This action is used across all versions by 23 repositories. Go to the GitHub Marketplace to find the latest changes. Release notes Changelog for v0.8.0 Major Features Plugin-based Enrichment Architecture Complete rewrite of the SBOM enrichment system with a plugin-based architecture Queries multiple data sources in priority order to improve NTIA compliance 8 data sources implemented: PyPI, Debian, deps.dev, ecosyste.ms, PURL, ClearlyDefined, Repology, and RPM Repo Lockfile components are now enriched with metadata instead of removed, preserving dependency graph integrity RPM Repository Enrichment (PR #69) Native Tier 1 enrichment for RHEL-compatible distros Supports: Rocky Linux 8/9, Alma Linux 8/9, CentOS Stream 8/9, Fedora 39-42, Amazon Linux 2/2023 Extracts license, vendor/supplier, description, homepage, and download URL from official repos Intelligent caching at repo level for efficient batch processing Dart/Flutter Support (PR #67) Added support for Dart packages via pub.

Version updated for https://github.com/sbomify/github-action to version v0.7.0. This action is used across all versions by 21 repositories. Go to the GitHub Marketplace to find the latest changes. Release notes Changelog: v0.6 → v0.7.0 Major Changes: Switched enrichment from Parley to ecosyste.ms API - Now uses ecosyste.ms for package metadata enrichment (thank you @andrew) Added SPDX support - Full support for SPDX 2.2 and 2.3 formats alongside CycloneDX (via new spdx-tools dependency) Enhanced telemetry with privacy controls - Sentry error tracking now respects repository visibility (private repos don’t send CI context) Improvements: