Switch to spdx.json.
ethan42 committed Aug 28, 2024
1 parent 288ffdc commit 65dbdf1
Showing 2 changed files with 11 additions and 8 deletions.
11 changes: 7 additions & 4 deletions .github/workflows/sca_snyk.yml
Expand Up @@ -69,14 +69,14 @@ jobs:
with:
image: ${{ github.event.inputs.docker_image }}
format: spdx-json
output-file: sbom_anchore.spdx-json
output-file: sbom_anchore.spdx.json
upload-artifact: false

- name: Upload SBOM file as an artifact
uses: actions/upload-artifact@v4
with:
name: sbom_anchore.spdx-json
path: sbom_anchore.spdx-json
name: sbom_anchore.spdx.json
path: sbom_anchore.spdx.json

- name: Upload SARIF file as an artifact
uses: actions/upload-artifact@v4
Expand All @@ -89,4 +89,7 @@ jobs:
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: snyk.sarif
category: Security/SCA
category: Security/SCA

- name: SBOM upload
uses: advanced-security/[email protected]
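Review bot: The added `SBOM upload` step at the end of the file references a third-party action by what looks like a version tag (the ref is obscured in this rendering) and passes no `with:` inputs. A tag can be moved after review, so for a step that runs with the workflow token it is safer to pin the full commit SHA, e.g. `uses: advanced-security/<action-name>@<full-commit-sha>  # <version>`. Because no file is named, the step presumably finds `sbom_anchore.spdx.json` through the action's default file pattern; naming the file explicitly under `with:` and adding a one-line comment saying which SBOM is submitted would make the dependency on the rename visible. The job's `permissions:` block is outside the hunk, so confirm the token is granted only the scope this upload needs.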
8 changes: 4 additions & 4 deletions .github/workflows/sca_trivy.yml
Expand Up @@ -64,7 +64,7 @@ jobs:
with:
image-ref: ${{ github.event.inputs.docker_image }}
format: 'json'
output: sca_trivy.sbom.json
output: sca_trivy.spdx.json

- name: Upload SARIF file as an artifact
uses: actions/upload-artifact@v4
Expand All @@ -75,12 +75,12 @@ jobs:
- name: Upload SARIF file as an artifact
uses: actions/upload-artifact@v4
with:
name: sca_trivy.sbom.json
path: sca_trivy.sbom.json
name: sca_trivy.spdx.json
path: sca_trivy.spdx.json

# Only available on Github Enterprise or public repositories
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: sca_trivy.sarif
category: Security/SCA
category: Security/SCA
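Review bot: The output is renamed to `sca_trivy.spdx.json` while the context line just above it still reads `format: 'json'`, so the file carries an SPDX name but, if this step is the Trivy action as the `image-ref` input suggests, holds Trivy's native JSON report rather than an SPDX document. Any consumer that selects files by the `.spdx.json` suffix would then ingest a non-SPDX file; `format: 'spdx-json'` would make the content agree with the name. The artifact step in the second hunk is still named `Upload SARIF file as an artifact` although it uploads the SBOM, and `- name: Upload SBOM file as an artifact` would match the Snyk workflow. The scan step's `uses:` line is outside the hunk.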
