AustonIvison/container-dependency-submission

Container Dependency Submission

Submit container image dependencies to the GitHub Dependency Graph using Syft via the anchore/sbom-action.

Workflows

1. Submit Container Dependencies

Scans an existing container image and submits its dependencies to the GitHub Dependency Graph.

Usage:

  1. Go to Actions → Submit Container Dependencies
  2. Click Run workflow
  3. Enter the image to scan (default: nginx:latest)
  4. Click Run workflow

2. Build and Submit Dependencies

Builds a Docker image from this repository and submits its dependencies.

Usage:

  1. Go to Actions → Build and Submit Dependencies
  2. Click Run workflow
  3. Optionally customize Dockerfile path and image tag
  4. Click Run workflow

Viewing Dependencies

After a successful workflow run, view the dependencies at:

  • Insights → Dependency graph → Dependencies

Or via the API:

gh api /repos/OWNER/REPO/dependency-graph/sbom

How It Works

  1. The workflow uses anchore/sbom-action, which runs Syft
  2. Syft generates an SBOM (Software Bill of Materials) from the container image
  3. The action submits the SBOM to GitHub's Dependency Submission API
  4. Dependencies appear in the repository's Dependency Graph

Requirements

  • Repository must have Dependency Graph enabled (Settings → Code security and analysis)
  • Workflows need contents: write permission to submit dependencies
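
A minimal workflow for the image-scan case described above, with the permission from the Requirements list granted explicitly and nothing else. This is an added example, not the repository's own workflow file; the `image` input name, the job and step names, and the `@v0` action tag are assumptions.

```yaml
# Added example: scan an existing image and submit its dependencies.
# Not the repository's workflow file; names below are illustrative.
name: Submit Container Dependencies

on:
  workflow_dispatch:
    inputs:
      image:                       # assumed input name
        description: Container image to scan
        required: true
        default: nginx:latest

# Declaring permissions at the top level replaces the default token
# scopes, so the job token carries only what is listed here.
permissions:
  contents: write                  # needed to submit dependencies

jobs:
  submit:
    runs-on: ubuntu-latest
    steps:
      - name: Generate SBOM with Syft and submit it
        uses: anchore/sbom-action@v0
        with:
          # Passed as an action input, not interpolated into a run: script,
          # so the user-supplied value is never evaluated by a shell.
          image: ${{ inputs.image }}
          # Submit the SBOM to the Dependency Submission API.
          dependency-snapshot: true
```

Pinning `anchore/sbom-action` to a full commit SHA instead of a moving tag keeps the code that receives the write-scoped token fixed between runs.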
