I think that pipelines should also be integrated in the SBOM generation as they're dependencies for a project (e.g. if a pipeline builds the final application, generates files, ...).
Additional context
For github action:
steps:
  # Reference a specific commit
  - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3
  # Reference the major version of a release
  - uses: actions/checkout@v3
  # Reference a specific version
  - uses: actions/[email protected]
  # Reference a branch
  - uses: actions/checkout@main
wagoodman changed the title from "Support indexing github workflow & github action for SBOM" to "Support cataloging github workflow & github action usages" on Sep 15, 2023
What would you like to be added
I would like syft to be able to index github workflow & github action files to list github action dependencies when generating an SBOM. I think 2 new types could be added:
github-actions: A step that is executed during a job.
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsuses
github-workflow: A workflow that is called by another workflow.
https://docs.github.com/en/actions/using-workflows/reusing-workflows
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_iduses
Why is this needed
I think that pipelines should also be integrated in the SBOM generation as they're dependencies for a project (e.g. if a pipeline builds the final application, generates files, ...).
Additional context
For github action:
Syft would have generated the following output:
For github workflow:
Syft would have parsed:
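A sketch of the cataloging this request describes, added here as an example; it is not code from the issue or from syft. It scans workflow text for `uses:` keys, labels each entry with one of the two type names proposed above, and records whether the reference is pinned to a commit or to a movable tag or branch. The `Usage` struct, the pin labels, the `.yml` suffix heuristic and the sample workflow are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Usage is one cataloged `uses:` entry; Type takes the names proposed in the issue (assumed, not syft's).
type Usage struct{ Type, Name, Ref, Pin string }

var usesRe = regexp.MustCompile(`^\s*(?:-\s+)?uses:\s*["']?([^\s"'#]+)`)
var shaRe = regexp.MustCompile(`^[0-9a-f]{40}$`)
var verRe = regexp.MustCompile(`^v?\d+(\.\d+)*$`)

// Catalog scans workflow text line by line (a heuristic, not a YAML parser).
func Catalog(workflow string) (out []Usage) {
	for _, line := range strings.Split(workflow, "\n") {
		m := usesRe.FindStringSubmatch(line)
		if m == nil || strings.HasPrefix(m[1], "./") || strings.HasPrefix(m[1], "docker://") {
			continue // no uses key, or a local path / container image
		}
		name, ref, _ := strings.Cut(m[1], "@")
		u := Usage{Type: "github-actions", Name: name, Ref: ref, Pin: "branch-or-tag"}
		if strings.HasSuffix(name, ".yml") || strings.HasSuffix(name, ".yaml") {
			u.Type = "github-workflow" // reusable workflows are referenced by file
		}
		if shaRe.MatchString(ref) {
			u.Pin = "commit" // a full commit SHA is the only immutable reference
		} else if verRe.MatchString(ref) {
			u.Pin = "version-tag" // a tag can be re-pointed upstream
		}
		out = append(out, u)
	}
	return out
}

// sample is a constructed workflow; octo-org/shared is a placeholder repository.
const sample = `jobs:
  call:
    uses: octo-org/shared/.github/workflows/build.yml@main
  build:
    steps:
      - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3
      - uses: actions/checkout@v3
`

func main() {
	fmt.Printf("%+v\n", Catalog(sample))
}
```

An SBOM consumer can use the pin field to flag entries whose content can change without the workflow file changing.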