ci: add SBOM export workflow#2615

Open

dkutzmarks-rgb wants to merge 1 commit into

hotfix/add-sbom-export

dkutzmarks-rgb commented Mar 3, 2026

Summary

Adds CycloneDX SBOM generation via cdxgen and uploads to Dependency Track
Runs on push to the default branch and weekly (randomized schedule)
Uses org-level secrets DEPENDENCY_TRACK_API_KEY and DEPENDENCY_TRACK_URL

Details

SBOM format: CycloneDX 1.6 (required by Dependency Track)
Generator: cdxgen v12.1.1 (Docker image)
Runner: ubuntu-latest
Auto-creates project in Dependency Track if it does not exist
Skips SBOM generation if no commits in the last 7 days


          ci: add SBOM export workflow

3593be8

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet