Comparing changes

base repository: anchore/sbom-action
base: bb716408e75840bbb01e839347cd213767269d4a
head repository: anchore/sbom-action
compare: b5042e9d19d8b32849779bfe17673ff84aec702d
  • 4 commits
  • 9 files changed
  • 3 contributors

Commits on Jun 29, 2022

  1. 6fb484a

Commits on Aug 9, 2022

  1. 0f0f981
  2. ac5a533

Commits on Aug 10, 2022

  1. Update dependencies (#317)

    kzantow authored Aug 10, 2022
    b5042e9
Showing with 831 additions and 658 deletions.
  1. +10 −9 README.md
  2. +10 −0 action.yml
  3. +109 −73 dist/attachReleaseAssets/index.js
  4. +114 −74 dist/downloadSyft/index.js
  5. +109 −73 dist/runSyftAction/index.js
  6. +463 −413 package-lock.json
  7. +5 −5 package.json
  8. +1 −1 src/SyftVersion.ts
  9. +10 −10 tests/integration/__snapshots__/formatExports.test.ts.snap
19 changes: 10 additions & 9 deletions README.md
@@ -113,15 +113,16 @@ use the `artifact-name` parameter:
The main [SBOM action](action.yml), responsible for generating SBOMs
and uploading them as workflow artifacts and release assets.

| Parameter | Description | Default |
| ------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- |
| `path` | A path on the filesystem to scan. This is mutually exclusive to `image`. | \<current directory> |
| `image` | A container image to scan. This is mutually exclusive to `path`. See [Scan a container image](#scan-a-container-image) for more information. | |
| `registry-username` | The registry username to use when authenticating to an external registry | |
| `registry-password` | The registry password to use when authenticating to an external registry | |
| `artifact-name` | The name to use for the generated SBOM artifact. See: [Naming the SBOM output](#naming-the-sbom-output) | `sbom-<job>-<step-id>.spdx.json` |
| `output-file` | The location to output a resulting SBOM | |
| `format` | The SBOM format to export. One of: `spdx`, `spdx-json`, `cyclonedx`, `cyclonedx-json` | `spdx-json` |
| Parameter | Description | Default |
| --------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- |
| `path` | A path on the filesystem to scan. This is mutually exclusive to `image`. | \<current directory> |
| `image` | A container image to scan. This is mutually exclusive to `path`. See [Scan a container image](#scan-a-container-image) for more information. | |
| `registry-username` | The registry username to use when authenticating to an external registry | |
| `registry-password` | The registry password to use when authenticating to an external registry | |
| `artifact-name` | The name to use for the generated SBOM artifact. See: [Naming the SBOM output](#naming-the-sbom-output) | `sbom-<job>-<step-id>.spdx.json` |
| `output-file` | The location to output a resulting SBOM | |
| `format` | The SBOM format to export. One of: `spdx`, `spdx-json`, `cyclonedx`, `cyclonedx-json` | `spdx-json` |
| `dependency-snapshot` | Whether to upload the SBOM to the GitHub Dependency submission API | `false` |

### anchore/sbom-action/publish-sbom
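
Review bot: `upload-artifact` and `upload-release-assets` are missing from the parameter table in this hunk, although action.yml in the same comparison adds both with a default of `"true"`; add a row for each so the README lists every input of the main action. The new `dependency-snapshot` row also names the target the "GitHub Dependency submission API" while the action.yml description reads "Upload to GitHub dependency snapshot API"; use one name in both places so readers can tell it is the same feature.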

10 changes: 10 additions & 0 deletions action.yml
@@ -49,6 +49,16 @@ inputs:
description: "Upload to GitHub dependency snapshot API"
default: "false"

upload-artifact:
required: false
description: "Upload artifact to workflow"
default: "true"

upload-release-assets:
required: false
description: "Upload release assets"
default: "true"

runs:
using: "node12"
main: "dist/runSyftAction/index.js"
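
Review bot: The descriptions of the new `upload-artifact` and `upload-release-assets` inputs ("Upload artifact to workflow", "Upload release assets") do not say that the value is a boolean string or what setting it to `"false"` skips; spell that out, for example "Set to false to skip uploading the SBOM as a workflow artifact". Because the defaults here are the strings `"true"` and `"false"`, the code that reads these inputs has to parse or compare the string rather than test truthiness, since `"false"` is a non-empty string; that code is not part of this hunk, so it is worth confirming in the corresponding source change.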