Below you will find pages that utilize the taxonomy term “sbomify”
December 20, 2025
sbomify
Version updated for https://github.com/sbomify/github-action to version v0.9.
This action is used across all versions by 23 repositories. Go to the GitHub Marketplace to find the latest changes.
Release notes
Changelog v0.9
New Features
- Plugin architecture for SBOM generation - Modular generator system with priority-based selection and automatic fallback (cyclonedx-py → Trivy → Syft)
- Ubuntu APT repository enrichment - Native metadata source for pkg:deb/ubuntu/* packages (LTS 18.04-24.04 + 24.10)
- Built-in schema validation - JSON Schema validation for generated SBOMs
Bug Fixes
- Fixed NTIA compliance issues for supplier and version fields
- Improved author extraction from PyPI author_email field
- Added version inheritance for lockfile components
Documentation
- Added ADR-0001: Plugin Architecture for Extensibility
December 18, 2025
sbomify
Version updated for https://github.com/sbomify/github-action to version v0.8.0.
This action is used across all versions by 23 repositories. Go to the GitHub Marketplace to find the latest changes.
Release notes
Changelog for v0.8.0
Major Features
Plugin-based Enrichment Architecture
- Complete rewrite of the SBOM enrichment system with a plugin-based architecture
- Queries multiple data sources in priority order to improve NTIA compliance
- 8 data sources implemented: PyPI, Debian, deps.dev, ecosyste.ms, PURL, ClearlyDefined, Repology, and RPM Repo
- Lockfile components are now enriched with metadata instead of removed, preserving dependency graph integrity
RPM Repository Enrichment (PR #69)
- Native Tier 1 enrichment for RHEL-compatible distros
- Supports: Rocky Linux 8/9, Alma Linux 8/9, CentOS Stream 8/9, Fedora 39-42, Amazon Linux 2/2023
- Extracts license, vendor/supplier, description, homepage, and download URL from official repos
- Intelligent caching at repo level for efficient batch processing
Dart/Flutter Support (PR #67)
- Added support for Dart packages via pub.
November 27, 2025
sbomify
Version updated for https://github.com/sbomify/github-action to version v0.7.0.
This action is used across all versions by 21 repositories. Go to the GitHub Marketplace to find the latest changes.
Release notes
Changelog: v0.6 → v0.7.0
Major Changes:
- Switched enrichment from Parley to ecosyste.ms API - Now uses ecosyste.ms for package metadata enrichment (thank you @andrew)
- Added SPDX support - Full support for SPDX 2.2 and 2.3 formats alongside CycloneDX (via new spdx-tools dependency)
- Enhanced telemetry with privacy controls - Sentry error tracking now respects repository visibility (private repos don’t send CI context)
Improvements: