Skip to content

Commit

Permalink
Update README to include bit about permissions near the top
Browse files Browse the repository at this point in the history 
Currently the info about permissions is below the fold, and I missed it when implementing the action for my own projects.

Signed-off-by: Josh Buker <[email protected]>
  • Loading branch information
@joshbuker
joshbuker authored Sep 25, 2024
1 parent dbef896 commit b070055
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,17 @@ and upload a workflow artifact SBOM in SPDX format. It will also detect
if being run during a [GitHub release](https://docs.github.com/en/repositories/releasing-projects-on-github/about-releases)
and upload the SBOM as a release asset.
> [!IMPORTANT]
> To upload the SBOM to releases, you will need to give the action permission to read the artifact from the action, and write it to the release:
> ```yaml
> jobs:
> build:
> permissions:
> actions: read
> contents: write
> steps:
> ```

## Example Usage

### Scan a container image
Expand Down

0 comments on commit b070055

Please sign in to comment.