gopsutil/.github/workflows/sbom_generator.yml

name: SBOM Generator

on:
  push:
    branches: [ "master" ]

  workflow_dispatch:

permissions: read-all

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0

      - uses: advanced-security/sbom-generator-action@375dee8e6144d9fd0ec1f5667b4f6fb4faacefed # v0.0.1
        id: sbom
        env: 
          GITHUB_TOKEN: ${{ github.token }}
      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
        with: 
          path: ${{steps.sbom.outputs.fileName }}
          name: "SBOM"
Add github SBOM Generator See this GitHub blog post https://github.blog/2023-03-28-introducing-self-service-sboms/ 2 years ago			`name: SBOM Generator`

			`on:`
			`push:`
Update branch of sbom_generator.yml 2 years ago			`branches: [ "master" ]`
Add github SBOM Generator See this GitHub blog post https://github.blog/2023-03-28-introducing-self-service-sboms/ 2 years ago
			`workflow_dispatch:`

			`permissions: read-all`

			`jobs:`
			`build:`
			`runs-on: ubuntu-latest`

			`steps:`
chore(deps): bump actions/checkout from 3.5.3 to 3.6.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 3.6.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/c85c95e3d7251135ab7dc9ce3241c5835cc595a9...f43a0e5ff2bd294095638e18286ca9a3d1956744) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> 2 years ago			`- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0`
Add github SBOM Generator See this GitHub blog post https://github.blog/2023-03-28-introducing-self-service-sboms/ 2 years ago
Ref actions by commit SHA in sbom_generator.yml It's important to make sure the SHA's are from the original repositories and not forks. For reference: https://github.com/actions/checkout/releases/tag/v3.5.2 https://github.com/actions/checkout/commit/8e5e7e5ab8b370d6c329ec480221332ada57f0ab https://github.com/advanced-security/sbom-generator-action/releases/tag/v0.0.1 https://github.com/advanced-security/sbom-generator-action/commit/375dee8e6144d9fd0ec1f5667b4f6fb4faacefed https://github.com/actions/upload-artifact/releases/tag/v3.1.2 https://github.com/actions/upload-artifact/commit/0b7f8abb1508181956e8e162db84b466c27e18ce Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> 2 years ago			`- uses: advanced-security/sbom-generator-action@375dee8e6144d9fd0ec1f5667b4f6fb4faacefed # v0.0.1`
Add github SBOM Generator See this GitHub blog post https://github.blog/2023-03-28-introducing-self-service-sboms/ 2 years ago			`id: sbom`
			`env:`
			`GITHUB_TOKEN: ${{ github.token }}`
Ref actions by commit SHA in sbom_generator.yml It's important to make sure the SHA's are from the original repositories and not forks. For reference: https://github.com/actions/checkout/releases/tag/v3.5.2 https://github.com/actions/checkout/commit/8e5e7e5ab8b370d6c329ec480221332ada57f0ab https://github.com/advanced-security/sbom-generator-action/releases/tag/v0.0.1 https://github.com/advanced-security/sbom-generator-action/commit/375dee8e6144d9fd0ec1f5667b4f6fb4faacefed https://github.com/actions/upload-artifact/releases/tag/v3.1.2 https://github.com/actions/upload-artifact/commit/0b7f8abb1508181956e8e162db84b466c27e18ce Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> 2 years ago			`- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2`
Add github SBOM Generator See this GitHub blog post https://github.blog/2023-03-28-introducing-self-service-sboms/ 2 years ago			`with:`
			`path: ${{steps.sbom.outputs.fileName }}`
			`name: "SBOM"`