From 37b04d842f3e7119e6cd274a1d2a0483be3cd507 Mon Sep 17 00:00:00 2001
From: Marcin Kozlowski
Date: Thu, 14 Nov 2024 17:55:43 +0100
Subject: [PATCH] Update docker-build.yml
---
 .github/workflows/docker-build.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index e4cab57..c36b24b 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -75,6 +75,18 @@ jobs:
 DOCKER_HUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
 DOCKER_HUB_PASSWORD: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ # Install Grype
+ - name: Install Grype
+ run: |
+ curl -sSL https://github.com/anchore/grype/releases/download/v0.80.0/grype-linux-amd64-v0.80.0.tar.gz | tar -xz -C /usr/local/bin
+
+ # Generate SBOM with Grype
+ - name: Generate SBOM with Grype
+ run: |
+ grype sbom ${env.IMAGE_NAME}:${{ github.sha }} -o json > sbom.json
+
+
 - name: Generate SBOM attestation
 uses: actions/attest-sbom@v1
 with:
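Review bot: The `Install Grype` step pipes the release tarball from `curl -sSL` straight into `tar -xz -C /usr/local/bin` with no checksum check and no `-f`, so a tampered or error-page download is unpacked unverified in a workflow that handles Docker Hub credentials and goes on to produce an attestation. Download to a file, verify it against a SHA-256 pinned from the release's checksums file, and extract only the binary, as sketched below. In the `Generate SBOM with Grype` step, `${env.IMAGE_NAME}` is neither an Actions expression nor valid shell (bash reports a bad substitution); pass the values as shell variables, e.g. `"${IMAGE_NAME}:${GITHUB_SHA}"`, assuming `IMAGE_NAME` is set in an `env:` block outside this hunk. Grype is a vulnerability scanner and its `-o json` output is a vulnerability report, so if `sbom.json` is what the following `actions/attest-sbom@v1` step consumes (its `with:` block continues outside the hunk), the attestation would not cover an SPDX or CycloneDX document; an SBOM generator such as Syft is the usual tool for that file.

```yaml
      - name: Install Grype
        env:
          GRYPE_URL: https://github.com/anchore/grype/releases/download/v0.80.0/grype-linux-amd64-v0.80.0.tar.gz
          # placeholder: replace with the SHA-256 published for this release asset
          GRYPE_SHA256: <sha256-of-release-tarball>
        run: |
          set -euo pipefail
          # -f makes an HTTP error fail the step instead of saving the error page
          curl -fsSL -o grype.tar.gz "$GRYPE_URL"
          echo "${GRYPE_SHA256}  grype.tar.gz" | sha256sum -c -
          # extract only the binary (member name assumed; confirm against the archive)
          tar -xzf grype.tar.gz -C /usr/local/bin grype
      # … unchanged: Generate SBOM with Grype, Generate SBOM attestation …
```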