Skip to content

prazian/gh-gomod-generate-sbom

 
 

Repository files navigation

gh-gomod-generate-sbom

GitHub action to generate a CycloneDX SBOM for Go modules.

This action uses cyclonedx-gomod to generate SBOMs.

Inputs

version

Required. The version of cyclonedx-gomod to use.
Can be a version range, in which case the latest version matching the range is chosen.
Minimum allowed version is v1.0.0. Must either be an existing semantic version (e.g. v1.0.0, 1.0.0) or a version range.

args

Optional. Arguments to pass to cyclonedx-gomod.
Please refer to the cyclonedx-gomod documentation for usage instructions.
When not set, cyclonedx-gomod will only be downloaded, but not executed.
It'll be made available via $PATH and can be used by later steps of the workflow.

Example usage

# Download and invoke cyclonedx-gomod in a single step
- name: Generate SBOM
  uses: CycloneDX/gh-gomod-generate-sbom@v1
  with:
    version: v1
    args: mod -licenses -json -output bom.json

# Just download cyclonedx-gomod and call it in a later step
- name: Download cyclonedx-gomod
  uses: CycloneDX/gh-gomod-generate-sbom@v1
  with:
    version: v1
- name: Generate SBOM
  run: cyclonedx-gomod app -licenses -files -output bom.xml -main cmd/acme-app

About

GitHub action to generate a CycloneDX SBOM for Go modules

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • JavaScript 100.0%