Skip to content
SBOM upload

CI(workflows): Create submit-sbom.yml #1

Sign in to view logs

CI(workflows): Create submit-sbom.yml

CI(workflows): Create submit-sbom.yml #1

Workflow file for this run

.github/workflows/submit-sbom.yml at d5c20fd
name: SBOM upload
on:
workflow_dispatch:
push:
branches: ["main"]
jobs:
SBOM-upload:
runs-on: windows-latest
permissions:
id-token: write
contents: write
steps:
- uses: actions/checkout@v4
- name: Generate SBOM
# generation command documentation: https://github.com/microsoft/sbom-tool#sbom-generation
run: |
Invoke-WebRequest -Uri "https://github.com/microsoft/sbom-tool/releases/latest/download/sbom-tool-win-x64.exe" -OutFile "sbom-tool.exe"
$RUNNER_TEMP/sbom-tool generate -b . -bc . -pn $ -pv 1.0.0 -ps OwnerName -nsb https://sbom.test.com -V Verbose
- uses: actions/upload-artifact@v4
with:
name: sbom
path: _manifest/spdx_2.2
- name: SBOM upload
uses: advanced-security/spdx-dependency-submission-action@5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e
with:
filePath: "_manifest/spdx_2.2/"