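--- /dev/null
+++ b/.github/workflows/PLACEHOLDER_WORKFLOW.yml
@@ -0,0 +1,46 @@
+name: SBOM Generation
+
+on:
+  push:
+    branches: [main, dev]
+  pull_request:
+
+jobs:
+  sbom:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install dependencies
+        run: |
+          pip install -r requirements.txt --require-hashes
+          pip install cyclonedx-bom pip-audit
+
+      - name: Generate SBOM
+        run: |
+          python -m cyclonedx_py environment -o sbom/latest.cdx.json --of JSON
+
+      - name: Upload SBOM artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: trailstax-sbom-${{ github.sha }}
+          path: sbom/latest.cdx.json
+          retention-days: 90
+
+      - name: CVE Scan
+        run: |
+          python -m pip_audit -r requirements.txt --output json -o audit.json
+
+      - name: Upload audit artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: trailstax-audit-${{ github.sha }}
+          path: audit.json
+          retention-days: 30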
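Review bot: The install step pins the project's requirements with `--require-hashes`, but the very next line installs `cyclonedx-bom pip-audit` unpinned, so the SBOM generator and the vulnerability scanner — the tools whose output the rest of the job trusts — resolve to whatever the index serves at run time, and with the `environment` subcommand they also land in the SBOM at unreviewed versions; pin them the same way, at minimum `pip install cyclonedx-bom==<pinned version> pip-audit==<pinned version>`, preferably from a hash-pinned tools requirements file installed with `--require-hashes`. The workflow declares no `permissions:` block, so the job's token receives the repository default although nothing here needs more than read access; add `permissions:` with `contents: read` at the top level. pip-audit, as far as I recall, exits non-zero when it finds a vulnerability, which would skip the `Upload audit artifact` step in exactly the run where `audit.json` matters — give that step `if: always()` (or run the scan with `continue-on-error: true` and fail the job explicitly afterwards). The actions are referenced by moving major tags (`@v4`, `@v5`); pinning each `uses:` to a full commit SHA with a version comment is the usual hardening for a supply-chain workflow.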