8686 restore-keys : |
8787 ${{ runner.os }}-buildx-
8888
89- - name : Generate SBOM
90- uses : anchore/sbom-action@v0.15.3
91- with :
92- image : gilcreator/html2rss-web:latest
93- output-file : sbom.spdx.json
94-
95- - name : Upload SBOM Artifact
96- uses : actions/upload-artifact@v4
97- with :
98- name : sbom
99- path : sbom.spdx.json
100-
101- # - name: Publish SBOM to Docker Hub Description
102- # env:
103- # DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
104- # DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
105- # run: |
106- # curl -s -X PATCH "https://hub.docker.com/v2/repositories/${IMAGE_NAME}/" \
107- # -H "Content-Type: application/json" \
108- # -u "$DOCKERHUB_USERNAME:$DOCKERHUB_TOKEN" \
109- # -d '{"full_description": "Auto-generated SBOM: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}/artifacts"}'
110-
11189 - name : Build and push Docker image
11290 uses : docker/build-push-action@v5
11391 with :
@@ -128,15 +106,17 @@ jobs:
128106 org.opencontainers.image.description=Generates RSS feeds of any website & serves to the web!
129107 org.opencontainers.image.sbom=https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}/artifacts
130108
131- - name : Scan Docker image for vulnerabilities (Trivy)
132- uses : aquasecurity/trivy-action@0.31.0
109+ - name : Generate SBOM
110+ uses : anchore/sbom-action@v0.20.1
111+ with :
112+ image : gilcreator/html2rss-web:latest
113+ output-file : sbom.spdx.json
114+
115+ - name : Upload SBOM Artifact
116+ uses : actions/upload-artifact@v4
133117 with :
134- image-ref : gilcreator/html2rss-web:latest
135- format : table
136- exit-code : 1
137- ignore-unfixed : true
138- vuln-type : os,library
139- severity : CRITICAL,HIGH
118+ name : sbom
119+ path : sbom.spdx.json
140120
141121 - name : Move updated cache into place
142122 run : |