devopsshield-sca-anchore-syft.yml
60 lines (49 loc) · 2.51 KB
# Last applied at: Mon, 20 Jan 2025 03:14:11 GMT
# DevOps Shield - The ultimate DevSecOps platform designed to secure your DevOps.
# https://devopsshield.com
##############################################################
# This is a DevOps Shield - Application Security - Code Security Template.
# This workflow template uses actions that are not certified by DevOps Shield.
# They are provided by a third party and are governed by separate terms of service, privacy policy, and support documentation.
# Use this workflow template for integrating code security into your pipelines and workflows.
# DevOps Shield Workflow Template Details:
# ------------------------------------------------------------
# Code: GH_SCA_ANCHORE_SYFT
# Name: Anchore Syft SBOM Scan
# DevSecOpsControls: SCA
# Provider: Anchore
# Categories: Code Scanning, Dockerfile, Dependency Management
# Description:
# Produce Software Bills of Materials based on Anchore's open source Syft tool.
# Syft is a powerful and easy-to-use open-source tool for generating Software Bills of Materials (SBOMs) for container images and filesystems.
# It gives detailed visibility into the packages and dependencies in your software. Syft itself does not match vulnerabilities:
# the SBOM it produces is the input for that, either through GitHub's dependency graph (and Dependabot alerts) once it is submitted,
# or through a scanner such as Anchore's Grype. The same SBOM supports license compliance and software supply chain reviews.
# This workflow checks out code, builds a container image, generates an SBOM of that image with Anchore's Syft tool,
# uploads the SBOM as a workflow artifact, and submits it to the GitHub Dependency submission API.
# Read the official documentation to find out more.
# For more information:
# https://github.com/anchore/syft
# ------------------------------------------------------------
# Source repository: https://github.com/anchore/sbom-action
##############################################################
name: Anchore Syft SBOM Scan
on:
  push:
    branches: [ main ]
jobs:
  anchore-syft-Scan:
    name: Anchore Syft SBOM Scan
    runs-on: ubuntu-latest
    permissions:
      contents: write # required to upload to the Dependency submission API
      actions: read   # to find workflow artifacts when attaching release assets
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Build the Docker image
        run: docker build . --file Dockerfile --tag localbuild/testimage:latest
      - name: Scan the image and upload dependency results
        # @v0 is a floating major tag; pin to a full commit SHA in production so the action cannot change underneath you.
        uses: anchore/sbom-action@v0
        with:
          image: "localbuild/testimage:latest"
          artifact-name: image.spdx.json # the SBOM is uploaded as a workflow artifact under this name
          dependency-snapshot: true      # also submit it to the Dependency submission API (needs contents: write)
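The workflow above ends with an SPDX JSON artifact and a dependency snapshot, but nothing on the page checks what went into them. The script below is an added example, not part of the DevOps Shield template or of the anchore/sbom-action project: it reads an SPDX 2.x JSON SBOM in the layout Syft emits, applies a license policy, and flags packages that carry no Package URL (purl), since the Dependency submission API identifies packages by purl and an entry without one cannot be mapped into the dependency graph. `SAMPLE_SBOM` is a constructed document, not output from a real image, and `DENIED_LICENSES` is a hypothetical policy; both are assumptions for the demonstration.

```python
"""Audit the SPDX JSON SBOM the workflow stores as image.spdx.json.

Added example, not part of the DevOps Shield template or anchore/sbom-action.
Assumes the SPDX 2.x JSON layout Syft emits. SAMPLE_SBOM is constructed for the
demonstration and DENIED_LICENSES is a hypothetical policy.
"""
import json
from dataclasses import dataclass
from typing import Optional

# Hypothetical policy: license identifiers not allowed inside shipped images.
DENIED_LICENSES = {"GPL-3.0-only", "GPL-3.0-or-later", "AGPL-3.0-only", "AGPL-3.0-or-later"}

# Constructed sample, trimmed to the SPDX fields this script reads.
SAMPLE_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "localbuild/testimage:latest",
    "packages": [
        {"name": "openssl", "versionInfo": "3.1.4-r5",
         "licenseConcluded": "Apache-2.0", "licenseDeclared": "Apache-2.0",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:apk/alpine/openssl@3.1.4-r5?arch=x86_64"}]},
        {"name": "readline", "versionInfo": "8.2.1-r2",
         "licenseConcluded": "GPL-3.0-or-later", "licenseDeclared": "GPL-3.0-or-later",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:apk/alpine/readline@8.2.1-r2?arch=x86_64"}]},
        {"name": "openjdk17-jre", "versionInfo": "17.0.10_p7-r0",
         "licenseConcluded": "GPL-2.0-only WITH Classpath-exception-2.0",
         "licenseDeclared": "GPL-2.0-only WITH Classpath-exception-2.0",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:apk/alpine/openjdk17-jre@17.0.10_p7-r0?arch=x86_64"}]},
        # A vendored binary with no package metadata: unknown license and no purl.
        {"name": "vendor-agent", "versionInfo": "0.9.0",
         "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION",
         "externalRefs": []},
    ],
})


@dataclass
class Package:
    name: str
    version: str
    license: str            # SPDX license expression, or NOASSERTION / NONE
    purl: Optional[str]     # Package URL, or None if the SBOM has none for this package


def load_packages(sbom_text: str) -> list[Package]:
    """Parse an SPDX 2.x JSON document into Package records."""
    doc = json.loads(sbom_text)
    if not str(doc.get("spdxVersion", "")).startswith("SPDX-2."):
        raise ValueError(f"not an SPDX 2.x JSON document: {doc.get('spdxVersion')!r}")
    packages = []
    for entry in doc.get("packages", []):
        purl = next((ref.get("referenceLocator") for ref in entry.get("externalRefs", [])
                     if ref.get("referenceType") == "purl"), None)
        # Syft fills licenseConcluded from package metadata; fall back to licenseDeclared.
        lic = entry.get("licenseConcluded") or entry.get("licenseDeclared") or "NOASSERTION"
        packages.append(Package(entry["name"], entry.get("versionInfo", ""), lic, purl))
    return packages


def license_ids(expression: str) -> set[str]:
    """Return the license identifiers in an SPDX expression, dropping the
    AND/OR operators and the exception identifier that follows WITH."""
    tokens = expression.replace("(", " ").replace(")", " ").split()
    ids, skip_next = set(), False
    for tok in tokens:
        if skip_next:                  # token after WITH is an exception, not a license
            skip_next = False
            continue
        upper = tok.upper()
        if upper in ("AND", "OR"):
            continue
        if upper == "WITH":
            skip_next = True
            continue
        ids.add(tok)
    return ids


def audit(packages: list[Package], denied: set[str] = DENIED_LICENSES) -> list[tuple[str, str, str]]:
    """Return (name, version, reason) findings. Any denied identifier anywhere in the
    expression counts as a hit, so 'MIT OR GPL-3.0-only' is flagged (conservative)."""
    findings = []
    for p in packages:
        ids = license_ids(p.license)
        hits = ids & denied
        if hits:
            findings.append((p.name, p.version, f"denied license: {', '.join(sorted(hits))}"))
        elif ids <= {"NOASSERTION", "NONE"}:
            findings.append((p.name, p.version, "license unknown; review manually"))
        if p.purl is None:
            findings.append((p.name, p.version, "no purl; will not appear in the dependency graph"))
    return findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_SBOM
    results = audit(load_packages(text))
    for name, version, reason in results:
        print(f"{name} {version}: {reason}")
    sys.exit(1 if results else 0)
```

Run it as `python audit_sbom.py image.spdx.json` after downloading the workflow artifact; with no argument it audits the embedded sample and exits non-zero because of the readline and vendor-agent findings. To reproduce the artifact locally, Syft's `-o spdx-json=image.spdx.json` output option writes the same format to a file (check `syft --help` for the exact syntax of your installed version). The `WITH` handling matters in practice: treating `Classpath-exception-2.0` as a license identifier would either miss it or, with a looser match, wrongly flag GPL-licensed runtimes that ship with a linking exception.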