Commit 4cac7c6

inkme9 and claude committed
chore: disable upstream CI, add SBOM workflow

- Disable ci.yml and verify-templating.yml (upstream CI, not needed)
- Add sbom.yml: build image, generate CycloneDX SBOM (Syft), scan vulnerabilities (Grype), upload artifact

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

1 parent 2c7b4aa commit 4cac7c6

3 files changed

Lines changed: 40 additions & 0 deletions

.github/workflows/sbom.yml

Lines changed: 40 additions & 0 deletions
@@ -0,0 +1,40 @@
1+
name: SBOM & Vulnerability Scan
2+
3+
on:
4+
push:
5+
branches: ["release/*"]
6+
pull_request:
7+
branches: ["release/*"]
8+
workflow_dispatch:
9+
10+
jobs:
11+
sbom:
12+
name: Generate SBOM and scan
13+
runs-on: ubuntu-latest
14+
steps:
15+
- uses: actions/checkout@v4
16+
17+
- name: Build image
18+
run: |
19+
docker build -t postgres:local -f 18/alpine3.23/Dockerfile 18/alpine3.23/
20+
21+
- name: Generate SBOM (Syft)
22+
uses: anchore/sbom-action@v0
23+
with:
24+
image: postgres:local
25+
format: cyclonedx-json
26+
output-file: sbom.cdx.json
27+
28+
- name: Scan vulnerabilities (Grype)
29+
uses: anchore/scan-action@v6
30+
with:
31+
image: postgres:local
32+
fail-build: false
33+
output-format: table
34+
35+
- name: Upload SBOM
36+
uses: actions/upload-artifact@v4
37+
with:
38+
name: sbom-postgres
39+
path: sbom.cdx.json
40+
retention-days: 90
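
Review bot: the Grype step (new lines 28-33) sets `fail-build: false` with `output-format: table`, so on `release/*` pushes and pull requests the scan can never block a merge and its findings exist only in the job log, while the only artifact kept is `sbom.cdx.json`. Consider setting a `severity-cutoff` and turning `fail-build` on once the baseline is triaged, or at least emitting a machine-readable report and uploading it next to the SBOM so the 90-day artifact records what was known at build time. The step also rescans `postgres:local` independently of the Syft output; pointing the scan at the generated `sbom.cdx.json` would keep the inventory and the findings consistent. Separately, `actions/checkout@v4`, `anchore/sbom-action@v0`, `anchore/scan-action@v6` and `actions/upload-artifact@v4` are referenced by mutable tags and the workflow declares no `permissions:` block; pinning each to a commit SHA and declaring the minimal `permissions:` the job needs would tighten a workflow that runs on pull requests.
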
File renamed without changes.
